12-17-2021 08:05 AM - edited 01-06-2022 03:17 PM
We are pleased to report that we completed the necessary patching of any systems where vulnerable versions of Log4j were identified in our applications. These instances are updated to Log4j 2.16 as of Dec 16, 2021, Log4j 2.17 as of Dec 20, 2021, and Log4j 2.17.1 as of Jan 6, 2022. This completes our mitigation efforts.
The majority of our applications have been protected against any attempted exploits of the Log4j vulnerability since Dec. 11, 2021, via our web application firewall(s). We also patched the threat-protection software on the physical firewalls protecting our core applications on Dec 15, 2021 to block any Log4j exploitation attempts. These added layers of protection are part of our defense-in-depth approach to securing our systems.
We continue to monitor for any updated information or subsequent changes that require attention.
We will provide future updates as needed.
Thank you
1WorldSync Security Team
My IT team is asking for some clarification. They say 2.17 does not mitigate the issue and 2.17.1 does? Are you able to verify that 2.17.1 is being used?
Let me ask...
Have you heard anything in regards to this yet?
Hello, yes, I made a few updates on here yesterday. We explained further what we did. Please take a look and let me know if you have any questions.