What is the log4j vulnerability?
Late last week, Engineering was notified of a critical security flaw on software commonly used by millions of web servers. If not remedied, the issue, known as the “log4j vulnerability”, could leave servers open to attacks by hackers.
What has Engineering done to address it?
Our Engineers immediately reviewed our systems, across all products and services, looking for vulnerable log4j versions. A limited number of issues on non-internet facing systems were found and immediately patched.
Additionally, we use the log4j library as a plugin for CoreNexa Desktop. The client libraries were updated on December 14th, and CoreNexa Desktop will update itself the next time the client starts or restarts by the end user.
We recommend any customer with an open CoreNexa Client closes and relaunches it to ensure it has the latest updates.
By close of business on Tuesday, December 14th, Engineering will have effectively remediated any known vulnerability from log4j.