The log4j vulnerability does not affect DreamHost's managed servers. This includes the following hosting plans:
- Shared hosting
- VPS (private servers)
- Dedicated servers (without an admin user)
This is because DreamHost's managed servers do not provide or offer any Java tools or services that include the log4j vulnerability.
There are two types of DreamHost hosting plans which are UN-managed. These include:
These types of servers allow root/sudo access which allows the admin user to manually install Java software which could potentially include calls to the vulnerable class.
DreamHost recommends that customers who have installed Java-based software immediately update it as soon as possible. Please submit a ticket to DreamHost support for further questions.