Technical Info: Easy Redmine Application Is Not Affected by the Vulnerability CVE-2021-44228
Our Easy Redmine application is safe for both the cloud and the server solution. It has no Java code whatsoever.
Vulnerability marked as CVE-2021-44228 concerning Log4j2 component affects Java applications in combination with Apache and Passenger servers. Furthermore, we officially support Nginx and Unicorn server combination. This applies to our Cloud solution as well.
For Easy Redmine in cloud
Easy Cloud is completely safe from this vulnerability due to technological “incompatibility” regarding the code, as well as the web server and the application server.
For self-hosted Easy Redmine
- If you use the official supported technological stack, you are completely safe.
- If you use Apache and Passenger, your Easy Redmine application is still safe on its own as doesn’t contain Java. However, if the server contains different applications that do use Java code, you need to follow up on that part.
More information about Log4Shell can be found here.