The Showpad services that make use of the open-source Apache “Log4j2” utility have been updated to version 2.17.1.
If you have any questions, please reach out to your Customer Success Manager or Account Executive, or open a case and our Support team will be in touch.
Posted Jan 13, 2022 - 13:20 CET
Update
The Showpad services that make use of the open-source Apache “Log4j2” utility have been updated to version 2.17.0.
If you have any questions, please reach out to your Customer Success Manager or Account Executive, or open a case and our Support team will be in touch.
Posted Dec 18, 2021 - 18:55 CET
Update
We are aware that Log4j version 2.17.0 was recently released and that it patches a new vulnerability discovered in version 2.16.0.
Our engineering team is updating Showpad services that use this utility. We are currently treating it as a high vulnerability, based on the CVSS score and our already in place internal security measures.
Posted Dec 18, 2021 - 17:52 CET
Update
We are aware that Log4j version 2.16.0 was recently released and that it includes additional hardening against potential exploitation.
We are currently working on upgrading all the Showpad services that make use of this utility, with the majority of them already running version 2.16.0.
We want to reassure you that we still don’t have any indication of data exploitation.
Posted Dec 16, 2021 - 15:42 CET
Monitoring
Showpad became aware of the security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228) as soon as it was publicly disclosed.
Over the weekend, our engineers have updated the Showpad services that make use of the open-source Apache “Log4j2" utility to the latest version. The incident history and our efforts can be referenced here - https://status.showpad.com/incidents/ldsthtv25wrs
Along with the update, our internal investigation does not show any indication of exploitations either.
If you have any questions, please reach out to your Customer Success Manager or Account Executive, or open a case and our Support team will be in touch.