The critical log4j vulnerability, the logging library of the widely used Apache web server, was worldwide in the news. As part of our services make use of Apache web servers, we therefore screened them immediately. The initial conclusion was that the vulnerability is not present in our core services. Because we didn’t enable log4j there.
Afterwards, we looked into third party frameworks that we use. There, we detected the presence of the log4j function in the Elastic Search environment. A popular open source environment for real-time indexing and search. We urgently updated this framework with a log4j patch.
We did this vulnerability sweep on top of our standard security monitoring and maintenance protocol.
Read further: News, log4j, security, vulnerability
Your email address will not be published. Required fields are marked *