Rocket.Chat application is not affected by Log4j software vulnerability

Markus Kirsch
December 14, 2021

A high-severity security vulnerability has been discovered in the popular open source log4j logging library and assigned CVE-2021-44228. It affects multiple versions of the Apache Log4j 2 utility.

The flaw in the Log4j software could allow hackers to take complete control of affected systems and has prompted urgent warnings from many governments’ cybersecurity agencies, including those of the US and Germany.

The Rocket.Chat application is not affected by the log4j vulnerability, as it does not use log4j. According to the current state of our investigation, our SaaS offering is not affected either. We continue to monitor the situation very closely.

The Rocket.Chat application does not use log4j directly or via dependencies. Log4j is a Java utility, and our stack does not use Java. Hence the log4j vulnerability cannot be exploited in the Rocket.Chat application. To avoid confusion: Rocket.Chat uses log4js (notice the additional “s” at the end), which is not affected by the vulnerability.

The application layer of our SaaS product does not use Java either. We have run a vulnerability scan over our infrastructure and found no usage of log4j. Clients that run Rocket.Chat in a self-managed and air-gapped environment are safe from it as well.
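For readers who want to check their own deployment for the log4j/log4js distinction described above, here is an added example (not Rocket.Chat's tooling or the scan mentioned in this post). It classifies files by content rather than by name: an archive counts as Log4j 2 core only if it contains the `JndiLookup` class, and a `package.json` counts as the log4js npm package only if its `name` field says so. The function names and the sample tree are constructed for illustration, and the check reports presence only, not whether a given Log4j version is patched.

```python
import json
import os
import tempfile
import zipfile

# Class shipped in Log4j 2's log4j-core jar (the JNDI lookup behind CVE-2021-44228).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def classify(path):
    """Return 'log4j2-core', 'log4js-npm', or None for one file."""
    try:
        if path.lower().endswith(ARCHIVE_EXT):
            with zipfile.ZipFile(path) as zf:
                return "log4j2-core" if JNDI_CLASS in zf.namelist() else None
        if os.path.basename(path) == "package.json":
            with open(path, encoding="utf-8") as fh:
                meta = json.load(fh)
            if isinstance(meta, dict) and meta.get("name") == "log4js":
                return "log4js-npm"
    except (OSError, ValueError, zipfile.BadZipFile):
        pass  # unreadable or malformed file: the name alone proves nothing
    return None

def scan(root):
    """Walk root; return {relative_path: classification} for every hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                hits[os.path.relpath(full, root).replace(os.sep, "/")] = kind
    return hits

def build_sample_tree(root):
    """Constructed sample: a log4js npm package, a Log4j 2 jar, a decoy file."""
    pkg = os.path.join(root, "node_modules", "log4js")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "log4js", "version": "0.0.0"}, fh)
    with zipfile.ZipFile(os.path.join(root, "vendored.jar"), "w") as zf:
        zf.writestr(JNDI_CLASS, b"")  # empty stand-in, not a real class file
    with open(os.path.join(root, "log4j-notes.jar"), "w") as fh:
        fh.write("not an archive")  # decoy: log4j in the name, no zip content

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

The sketch does not open archives nested inside other archives, so a Log4j jar bundled inside a fat jar or WAR needs a recursive pass.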

Rocket.Chat has reached out to potentially affected suppliers that help us provide our SaaS product, and we have received confirmation from them that their products are not affected by the log4j vulnerability. 

We continuously analyze our infrastructure and actively use our security monitoring systems to keep improving our security and to keep your data safe.

