Security Patch: Zero-day in the Log4j Java Library

Prodly continues working to patch any Prodly services that either use the vulnerable component Log4j2 or provide it to customers. At this time, Prodly has reasonable confidence that our service experienced limited exposure to this attack due to the way the application is structured, specifically the closed nature of any inputs. If Prodly becomes aware of unauthorized access to Customer Data, we will notify impacted customers in accordance with breach notification terms in the Subscription Services Agreement (SSA) executed in connection with your order.

Issue: We are aware of the recently disclosed Apache Log4j2 vulnerabilities (CVE-2021-44228 and CVE-2021-45046).

Impact: We are actively reviewing and monitoring our systems for any signs of exploitation and are working to patch any Prodly services that either use the vulnerable component Log4j2 or provide it to customers.

For more information, please review CVE-2021-45046CVE-2021-44228, and the Apache Log4j2 post. We appreciate your trust in us as we continue to make your success our top priority.

Current Status: We deployed a patch at 3:30pm PDT Friday, December 17th, 2021. The Prodly status site will be updated regularly. https://status.prodly.co/