Kelly Burns Kaiser Permanente

For other customers who might be concerned, I just received this from Automate Support:

Since Automate is not using log4j, therefore it is not impacted by the log4j 2 vulnerability described in the CVE-2021-44228.
As for CrowdStrike impact on Automate, we have not experience with it, so we don't know if it could negatively impact it.

 

And I realize that is under Oracle client however are there are any Log4j files or *.jar files used in Automate?

Also, we may be installing an application called CrowdStrike to help combat a potential vulnerability with these types of files. Will that cause any conflict with Automate?

On our Automate servers I found log4j-core.jar file which is a security vulnerability.  Will Automate be creating a patch for this and if so, what is the ETA?