Classic file types are no longer available for use as of January 2021. You can transition your classic files or download a PDF. Learn More

Please apply Apache log4j security patch on Workiva

0

Commenti

4 commenti

  • Mike Davis

    Hi Neelima!

    Thanks for asking. I have forwarded this question onto our Security team to get an answer for you. I'll be in touch ASAP.

    0
  • Mike Davis

    Quick follow-up here.

    At this time, the only information Workiva can provide is what's in our bulletin here: https://support.workiva.com/hc/en-us/articles/4412643446804
    0
  • Neelima Yadav

    Hi Mike,

    Would it be possible to get patched log4j version as well?

    Thanks,

    Neelima

    0
  • Mike Davis

    Hi Neelima,

    Sorry for the delay here. I have the following update for you.

    Due to the reported vulnerability with the 2.15 version of log4j (CVE-2021-45046), Workiva has patched our usage of the library to the 2.16 version across all environments. We continue to work with our third-parties to identify and mitigate any upstream impact.

    To date, there has been no impact to our platform or customer data. If that changes, we will notify affected customers without any undue delay.

    0

Accedi per aggiungere un commento.