Security advisory regarding the Log4j critical vulnerability

A vulnerability in Log4j, a small internal module that handles logging for Java programs, may affect your application.

A vulnerability in Log4j was announced on the 10th of December 2021. Reports worldwide show that the vulnerability is being used actively and successfully in attacks.

Log4j is a Java-based logging utility widely used in popular software systems.

Key Takeaways

What we’ve done so far

Fortunately, this has no consequences for our systems, and no services are down.

However, we must point out that we do not have, and should not have, any knowledge of which applications our customers run and how they are affected by this.

Recommendations to our customers

Even if you think you are not vulnerable, please check one more time to be on the safe side.

Please note that Log4j is embedded in many other logging tools and services using those logging tools. There is a growing list of affected (and non-affected).

Affected technologies Read CVE announcement

If we at Safespring have indications that services or instances in our infrastructure are affected by the Log4j vulnerability and are actively used in attacks, we will alert the customer. If that customer doesn’t take action, we will have to shut down those instances as soon as possible to prevent further damage.

We don’t actively monitor for this, but others might notify us. It is the responsibility of the service owner to investigate the situation further in such cases.