---
title: "Log4Shell and MariaDB (CVE-2021-44228)"
publish_date: 2021-12-14
updated_date: 2021-12-15
author: "Bryan Alsdorf"
---

# Log4Shell and MariaDB (CVE-2021-44228)

Several MariaDB customers have asked us about [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), aka “Log4Shell”, a vulnerability in the Log4j Java logging framework that may allow remote code execution (RCE).

Update: The details here also address the second Log4j vulnerability, CVE-2021-45046.

### MariaDB Products

No MariaDB product is directly impacted by this CVE. MariaDB Connector/J can optionally be configured to use Log4j. Users of MariaDB Connector/J should see [this blog](https://staging-mdb.com/resources/blog/is-the-mariadb-jdbc-driver-affected-by-the-log4j-vulnerability) for a detailed explanation of CVE-2021-44228 and mitigations.

### MariaDB Hosted Systems

MariaDB’s security team has reviewed our systems. While we have no vulnerable customer-facing systems, an internal system used a version of Log4j covered by CVE-2021-44228. We have mitigated the vulnerability in this internal system and reviewed all logs for suspicious activity.

### Additional Information

If you have any questions about this, please contact us either through our [support site](https://cloud.mariadb.com/csm) (for customers) or by [clicking here](https://staging-mdb.com/contact/).

For details on MariaDB’s end-to-end security strategy, visit our [Trust Center](https://staging-mdb.com/trust/).

For information on reporting a security vulnerability, visit our [vulnerability reporting page](https://staging-mdb.com/vulnerability-reporting/).