Updates & News 15 December 2021

k6 core products not impacted by Log4j CVE-2021-44228 and related vulnerabilities

Pawel Suwala, LoadImpact CTO

    Like you we have learnt about the Log4j RCE vulnerability, CVE-2021-44228, and the related CVEs that were discovered following disclosure of 44228.

    We are fortunate in our case that we chose not to use Java as a core part of our stack and have no dependencies on services and applications that make use of it.

    After a rigorous review of our codebase, we are confident that k6 OSS, k6 Cloud, and our in-house developed extensions (xk6 extensions in the Grafana organisation on GitHub) are not affected.

    If you have specific questions or concerns regarding this vulnerability and your k6 products or services, please email support@k6.io.
    < Back to all posts