Security Reports

This page lists all security vulnerabilities fixed in released versions of Apache Guacamole. Each vulnerability is listed with a description of the problem, its associated CVE number, and the Guacamole release in which the vulnerability was fixed.

Reporting new vulnerabilities

If you believe you have discovered a security problem in Apache Guacamole, please follow responsible disclosure practices and report discovered security issues privately, either to the private security mailing list of the ASF Security Team or the security@guacamole.apache.org mailing list, before disclosing or discussing the issue in a public forum.

Is Apache Guacamole affected by CVE-2021-44228?

No, CVE-2021-44228 does not affect Apache Guacamole. Guacamole uses Logback as its logging backend, not Log4j.

Fixed in Apache Guacamole 1.4.0

Fixed in Apache Guacamole 1.3.0

Fixed in Apache Guacamole 1.2.0

Fixed in Apache Guacamole 1.0.0

Fixed in Apache Guacamole 0.9.11-incubating

Fixed in Guacamole 0.9.9 (pre-Apache release)

Fixed in Guacamole 0.6.3 (pre-Apache release)