Monday - 12/20: 7:15 pm EST
Reltio has reviewed the Log4j vulnerability (CVE-2021-44228) and mitigated the potential risk to the Reltio Platform. The timeline of activities follows.
There was a recent announcement of a widespread Apache Log4j vulnerability affecting the industry. This critical vulnerability has the potential to lead to the compromise of applications, systems, and data. At this time, we have not discovered any malicious activity related to this vulnerability that may impact the platform or customer data. We discovered that some services within Reltio included the Log4j vulnerability, and our teams quickly applied measures to mitigate potential risks related to those services.
In response to the identification of this vulnerability, we took proactive steps to minimize the risks associated with the vulnerability, including the following:
- Conducted a thorough review of our infrastructure including all systems we use to host and run the Reltio platform
- Reviewed third-party services that we use to support the platform
- Implemented mitigation measures to help guard against any Log4j exploits
Additionally, for Reltio Customers using ROCS, we want to share the update that Reltio's Open Collaboration Service (ROCS) utilities have been updated to address the recently announced Apache Log4j vulnerability. Please upgrade to the latest versions as soon as possible to minimize risk.
We are currently updating platform services and ROCS utilities to the latest 2.17.0 version of Log4j.
Updated Reltio's Open Collaboration Service (ROCS) utilities:
util-metadata-security-service
If a utility has been revised as part of your implementation, then please update the Log4j dependency to the latest 2.17.0 version.
We will continue to monitor the situation and provide relevant updates. If you have any questions, please reach out to me at security@reltio.com.
Thursday - 12/16: 11:00 pm EST
You may be aware of the recent announcement of the widespread Apache Log4j vulnerability affecting the industry. This critical vulnerability has the potential to lead to the compromise of applications, systems, and data. At this time, we have not discovered any malicious activity related to this vulnerability that may impact the platform or customer data. We did discover that some services within Reltio included the Log4j vulnerability, and our teams quickly applied measures to mitigate potential risks related to those services.
In response to this vulnerability announcement, we took proactive steps to minimize the risks associated with the vulnerability, including the following:
- Conducted a thorough review of our infrastructure including all systems we use to host and run the Reltio platform
- Reviewed third-party services that we use to support the platform
- Implemented mitigation measures to help guard against any Log4j exploits
Additionally, for Reltio Customers using ROCS, we want to share the update that Reltio's Open Collaboration Service (ROCS) utilities have been updated to address the recently announced Apache Log4j vulnerability. Please upgrade to the latest versions as soon as possible to minimize risk.
If a utility has been revised as part of your implementation, then please update the Log4j dependency to the latest 2.16.0 version.
Updated Reltio's Open Collaboration Service (ROCS) utilities:
util-metadata-security-service
We will continue to monitor the situation and provide relevant updates. If you have any questions, please reach out to me at security@reltio.com.
Saturday - 12/11: 10:30 am EST
Reltio is aware of the Log4j vulnerability (CVE-2021-44228) and has assessed the potential risk to the Reltio platform. At this time, mitigations have been applied and our team continues to monitor the situation.
Friday - 12/10: 9:00 pm EST
Reltio is aware of the Log4j vulnerability (CVE-2021-44228) and is reviewing whether there are any risks related to the issue.
Out of an abundance of caution, our Information Security Team is actively looking into the issue. Should we determine an incident has occurred, we will reach out and notify you.
We are closely monitoring the platform and will keep you posted on any further updates. Thank you for choosing Reltio!