Statistics module issue (vulnerable)
Incident Report for JobTeaser
Resolved
The situation seems stable. Thorough investigations by our engineers haven't revealed any anomalies.
The JobTeaser team will continue to monitor the general aftermath of the Log4Shell vulnerability, and we are now closing this incident.
Posted Dec 15, 2021 - 17:11 CET
Monitoring
JobTeaser engineers have successfully deployed a satisfactory security mechanism to protect the vulnerable third-party statistics software used in our platform.
The mechanism has been deployed to production and the statistics module has been brought back online.
We will closely monitor the situation and look out for any warning signs, so we won't be considering this incident resolved as of yet.
We thank you for your patience while we worked on implementing adequate safeguards to protect all our users' data.
Posted Dec 15, 2021 - 12:28 CET
Update
Preliminary tests of the security mechanism are positive.
JobTeaser engineers are currently ramping up testing of the solution to ensure it provides adequate protection to our platform. If the additional tests are positive, we will be able to push the changes to production.
We cannot provide an ETA for when the stats module will be back online.
Posted Dec 15, 2021 - 11:07 CET
Update
We still haven't received any updates from our software provider.
However, JobTeaser engineers are still working on bringing the statistics service back online while ensuring our users & data remain safe.
A security mechanism, separate from the statistics software, is being implemented, and will be thoroughly tested.
More updates as we get them.
Posted Dec 14, 2021 - 17:51 CET
Update
Protecting users', partners' & clients' data is our number 1 priority.
We have decided to shut down the statistics module on the JobTeaser platform to ensure our users' data stays safe.

While we understand that this is an important feature for many of our users, we cannot run the risk of having our platform breached.

Our engineers are still investigating the best way to protect against the attacks targeting the Log4j vulnerability (CVE-2021-44228) present in the statistics software we use, as we wait on an update from the statistics software provider.
Posted Dec 14, 2021 - 14:20 CET
Update
We are continuing to investigate this issue.
Posted Dec 14, 2021 - 11:57 CET
Investigating
The JobTeaser platform uses a software component for its statistics charts that is vulnerable to the Log4Shell vulnerability (CVE-2021-44228).
This vulnerability is critical, and JobTeaser is currently working on mitigating it.
This might cause some issues with the statistics charts on the JobTeaser platform.
Posted Dec 14, 2021 - 11:28 CET