Showing results for 
Show  only  | Search instead for 
Did you mean: 

Impact of log4j zero day vulnerability

DynaMight Pro
DynaMight Pro

Today a high severity zero day vulnerability impacting the very popular log4j package has been published:


I would be interested to know if any Dynatrace components are known to be affected and if so, how exactly, what's the risk of compromise and if there is anything that can be done from a user/customer perspective to help minimize the risk of exploits.


I've already approached support but haven't received any response yet.


Any feedback is appreciated.


DynaMight Pro
DynaMight Pro

Fixed versions of Dynatrace mentioned in official communication:,,
contains same elastic/log4j versions as nonfixed, but with added elastic jvm parameter "-Dlog4j2.formatMsgNoLookups=true".


Hey DnyaMight Pro


This of course is impacting our Managed Cluster Nodes!  We're currently on version  Our infosec team would like know if the lower lo4j (2.11) can be removed without causing any impact as our scans will continue to highlight these libraries..

Can the log4j be upgraded?  If so, what are the steps?  

Dynatrace Advocate
Dynatrace Advocate

Dear valued customers,


we would like to inform you that Dynatrace just published a website summarizing the current state and findings in regards to the current log4j situation. You can find the article here:

Dynatrace expects to update this document as new information becomes available.

Community Team
Community Team

As all official communication about this topic will be done from now on through the article Stefan posted, Dynatrace chat and support tickets, I'm closing this thread for now - as soon as I will get a green light again, it will be reopened (hopefully pretty shortly 🙂)

If you have any questions about the Forum, you can contact me at

Community Team
Community Team