Log4Shell critical vulnerability

On Friday 10th December, Apache announced a critical vulnerability within the LOG4J logging library for Java, called Log4Shell or LogJam.

At 10/10 severity, this is comfortably one of the most serious IT vulnerabilities to have been discovered in recent memory, as Log4J is often installed on both Linux and Windows systems either directly, or often as a requirement of another package or system. The vulnerability existing since 2013, was privately disclosed to The Apache Software Foundation, of which Log4j is a project, by Alibaba’s Cloud Security Team on 24 November 2021 and publicly disclosed on 9 December 2021.

Log4J is not used in any software developed by sapnagroup, and also not installed on any of the servers maintained by sapnagroup. This means that any sites developed by sapnagroup as well as the servers maintained by sapnagroup are not affected by the Log4Shell vulnerability.