What is it?

On December 9th, cybersecurity experts discovered a vulnerability in Log4j, a widely used open-source Apache logging framework that developers use to keep a record of activity within an application. This vulnerability impacts digital systems across the internet, and hackers have already begun attempting to exploit it.

 

Log4j is a Java library still broadly used in enterprise systems and web applications. Jen Easterly, the security director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a CNBC interview last week that “The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career.”

 

We at Ignyte couldn’t agree more. Log4j is embedded in cloud storage platforms (e.g., Amazon, Azure, and Google Cloud), games like Minecraft, and home electronics (e.g., smart TVs and security cameras); even NASA’s Ingenuity helicopter on Mars uses it.

 

What You Need to Do

On Friday, December 10th, the U.S. Cybersecurity and Infrastructure Security Agency issued an alert regarding the vulnerability. Additionally, the Apache Software Foundation is encouraging Log4j users to review the “Apache Log4j 2.15.0” announcement and immediately either upgrade Log4j to version 2.15.0 or implement the recommended mitigations.

 

How does this impact Ignyte and your environment?

Ignyte’s software platform is not impacted by this vulnerability whatsoever. At Ignyte, we are using a different set of libraries to accomplish the same task. However, just as a precaution, our development team has run a full dependency check on our source code to ensure this framework is not used within the Ignyte platform.
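
One way to run a similar dependency check against built or deployed artifacts in your own environment, as an added example that is not Ignyte's tooling: the script below looks inside JAR/WAR/EAR files, including archives nested in other archives, for bundled copies of log4j-core and flags any older than 2.15.0. It assumes the copy still carries its Maven `pom.properties` metadata, so repackaged copies without it are missed; the function names and the sample archive are constructed for illustration.

```python
import io, os, re, sys, zipfile

# Upgrade target named in the advisory above; adjust to current Apache guidance.
FIXED = (2, 15, 0)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """'2.14.1' or '2.0-beta9' -> comparable tuple padded to three parts."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def scan_archive(data, label, depth=0):
    """Return [(location, version, needs_upgrade)], descending into nested archives."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a real archive; skip it
    with zf:
        for name in zf.namelist():
            if name.endswith(POM):
                props = zf.read(name).decode("utf-8", "replace")
                for v in re.findall(r"^version=(\d\S*)", props, re.M):
                    found.append((label, v, parse_version(v) < FIXED))
            elif name.lower().endswith(ARCHIVES) and depth < 4:
                found += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return found

def scan_tree(root):
    """Scan every archive under a directory, e.g. a build output or deploy folder."""
    found = []
    for dirpath, _, files in os.walk(root):
        for f in (f for f in files if f.lower().endswith(ARCHIVES)):
            path = os.path.join(dirpath, f)
            with open(path, "rb") as fh:
                found += scan_archive(fh.read(), path)
    return found

def make_sample(version):
    """Constructed test input: an app JAR that bundles log4j-core at `version`."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, f"groupId=org.apache.logging.log4j\nversion={version}\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr(f"BOOT-INF/lib/log4j-core-{version}.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":  # usage: python log4j_scan.py <directory>
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("UPGRADE " if bad else "ok      ") + f"{ver:10} {loc}")
```

Scanning artifacts rather than only build files catches copies pulled in transitively or bundled inside third-party archives.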