Response to Log4j (Log4Shell) vulnerability

Avatar
Mike Watling

During the second week of December 2021, a vulnerability was reported with the open-source Log4j logging utility.

As part of our due diligence, Vidyard finished the discovery and remediation of its platform and supporting code for the Log4j (CVE-2021-44228) vulnerability as of December 13, 2021.

Vidyard was running a 100% default configuration of Log4j as packaged within Apache Druid, luckily not processing strings in a manner that could be directly exploited. Vidyard's engineering team patched to the latest secure version regardless. Our version is 2.17.1, and we are patched for CVE-2021-44228, CVE-2021-45046 & CVE-2021-44832 as of January 28, 2022.

We continue to monitor the situation quite closely for new developments. If you have any further questions, please contact our Support Team.

 

 

Need support

Submit a ticket or start a chat. We'll provide a self-serve resource or connect you with our support team, available 24x5.

Chat with Our Team