You may have heard about the recently announced security issues in Apache Log4j (CVE-2021-44228 and CVE-2021-45046).
Apache Log4j is a widely used logging framework used in Java applications like Solr, Elasticsearch...
I'll explain in short what we did to keep our clients safe, or what they should do if their own server is linked to the Experience Cloud Platform.
If the web application is hosted on Dropsolid Experience Cloud Platform
No action is required on the part of our clients; we took the necessary measures to keep all web applications secure:
- We mitigated the vulnerability in multiple services of the Experience Cloud on December 10th.
- We performed an exhaustive audit and found no evidence the vulnerability had been exploited.
- We are closely monitoring any new developments to ensure your web application remains secure.
If a client's own server is linked to the Dropsolid Experience Cloud Platform
In this case, our clients should contact their vendor or infrastructure team to ensure they are aware and are actively following up on this security issue.
More background information about this security issue can be found on various webpages from NIST, Cloudflare, CERT, ...
If you have any questions or need help with this issue yourself, please don't hesitate to contact us!