We’re Protected from the Log4Shell Vulnerabilities
All of our servers and services are protected from the Log4Shell Vulnerabilities (CVE-2021-44228 and CVE-2021-45046).
Apache Log4j is a library for logging functionality in Java-based applications. A flaw was found in Apache Log4j, allowing a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker’s Java Naming and Directory Interface™ (JNDI) Lightweight Directory Access Protocol (LDAP) server lookup. This flaw allows a remote attacker to execute code on the target system with the same privileges as the Java-based application that invoked Apache Log4j.
We ran a full audit across all software of our servers and we can confirm that we are not susceptible to these vulnerabilities:
Hypercharged Cloud Hosting
We do not run any Java software with our Hypercharged Cloud Hosting servers so they are not impacted by these vulnerabilities.
Cloud Dedicated Hosting & Cloud Clusters Hosting
The Elasticsearch versions used by our Cloud Dedicated Hosting and Cloud Clusters Hosting are not susceptible to either remote code execution or information leakage due to the usage of the Java Security Manager. We have also updated all Elasticsearch services to the latest version which remove certain components of Log4j out of an abundance of caution.
There is nothing that you will need to do on your end and all of your websites are automatically protected.