2021/12/13, 18:30 GMT+1
1st update on 2021/12/14, 14:04 GMT+1
2nd update on 2021/12/15 18:41 GMT+1
Last update 2021/12/20 09:47 GMT+1
As some of you may know, a severe vulnerability (CVE-2021-44228) has been detected in Apache Log4j.
Shippeo’s platform does not use Java as the main development language, so we are not directly impacted by this issue, but we do work with subcontractors/vendors that are using Java as a language to develop their applications.
OPTC's platform was audited (full dependency scan) and the affected library is not used by any service.
We’ve reached out to all those providers to ensure the security of our infrastructure and the safety of your data:
- Elasticsearch : A new version has been deployed, on the 13th of December at 16:20 GMT+1
- Dataiku : Checked and not vulnerable
- Talend : Not vulnerable because it uses a non-impacted version of Log4j
- Kafka : Checked and not vulnerable
- Keycloak : Checked and not vulnerable
- Tableau server :
  - Vulnerable but no evidence of exploitation has been found
  - A mitigation has been implemented on the 14th of December at 12:30 GMT+1
  - Tableau / Salesforce released a patch on 19/12 that we installed the same day
- Algolia : Checked and not vulnerable
- Jenkins : Checked and not vulnerable
We have not identified any other partner, but we continue to actively monitor the situation and will update this statement moving forward.
Should you have any questions, please feel free to reach out to our Support team.