Skip to main content
  1. Arduino Help Center
  2. About Arduino
  3. My Arduino Account

About security vulnerabilities in Apache Log4j

In late 2021 a series of security vulnerabilities were found in Apache Log4j, a logging utility used by Arduino IDE 1.8 at the time. As of version 1.8.19, Log4j is no longer used by the IDE.

Arduino IDE 2 and Cloud services do not use Log4j and were not affected.

Fixed in Arduino IDE 1.8.19

The Log4j library was removed in Arduino IDE 1.8.19.

You can download the latest IDE release here.

History

Date IDE release Note
2021-12-21 1.8.19 Log4j dependencies removed, resolving CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105.
2021-12-14 1.8.18 Upgraded Log4j to 2.16.0, resolving CVE-2021-45046
2021-12-14 1.8.17 Upgraded Log4j to 2.15.0, resolving CVE-2021-44228
2021-09-06 1.8.16 Using Log4j 2.12.0

Note: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

  • Last edited:
Was this article helpful?
Do you want to contribute? Visit the Github repository
Return to top

Didn’t find what you were looking for?

Contact Us

Do you have a particular request? Haven’t found what you were looking for in the articles we suggested? No worries, email us and we’ll answer as soon as possible.

Ask the Community

If you need a hand picking up the appropriate board for your next creation or just need help with a project, head over Discord to ask the community.

Project Hub

Get inspired by a variety of tutorials, Getting Started guides, showcases and pro tips. Contribute with projects, comment tutorials and ‘Respect’ the ones you like.