What is the Log4j Vulnerability?
Put simply, Log4j is a Java logging library that is incorporated into the Apache Enterprise software ecosystem, including:
- ElasticSearch
- Apache Solr
- Apache Struts
- Apache Druid
- Logstash
- And many others
At a high level, the vulnerability allows malicious people to do two things that we are against:
- Perform remote code execution
- Perform Denial of Service (DoS) attacks
SourceDay’s Cleanup
We were lucky, and our systems were only minimally impacted. We were able to update our items on Dec 15, 2021, to remove any vulnerabilities. We have completed changes recommended by the CVE.