About This Site

Welcome to ClearFacts' status site. Please subscribe to updates above to get up to minute alert notifications on any service interruptions.

On CVE-2021-44228 / Apache Log4j vulnerability
-------------------------------------------------------------------------
On December 9th, a critical vulnerability was found in Apache Log4j, a widely used logging package for Java. The vulnerability may allow an attacker to execute arbitrary code by sending crafted log messages. It has been identified as CVE-2021-44228 and given the name Log4Shell.
It was first reported privately to Apache on November 24th and was patched with version 2.15.0 of Log4j on December 9th.

After the vulnerability was announced publicly, we quickly assessed our exposure to this issue. Pending a more thorough investigation, we decided to shut down our reporting servers over the weekend. On Monday morning, we patched these systems and turned them back on.

Besides the reporting servers, only our on-premise satellite software is based on Java and is actively using Log4j. Since this software is not accessible from the internet, there is no immediate risk. Nevertheless, out of precaution, we will patch this software in the coming weeks.