Tech talk

Statement on Log4j (CVE-2021-44228)

By
Chris Ostrowski
December 20, 2021
January 18, 2022

In Summary: The Dutchie Security Team is aware of the Log4j (CVE-2021-44228) exploit and has taken measures to ensure all systems are up to date and patched. At this time, we are not aware of any internal issues related to this exploit. We are actively monitoring the situation and promptly responding to any future developments.

Dutchie's application software (encompassing Greenbits & LeafLogix) does not depend on Log4j in development or deployment of its systems. Upon notice of the potential for exploitation, the Dutchie Security Team performed an immediate and deep analysis of all first-party systems that could leverage the Log4j library and immediately patched or removed systems that could have been vulnerable. We have no evidence or indication that exploitation occurred.

Whilst we were ensuring first-party systems were not vulnerable, we also began to examine third-party infrastructure and service providers. Our teams took immediate action to ensure third-party partners promptly addressed any vulnerable systems where appropriate. At this time we are confident that all supporting systems are up to date with security patches and our customers are not at risk to this exploit.

The Dutchie Security Team will continue to monitor the situation and are committed to addressing any future developments. If you have any questions or would like further information please contact support@dutchie.com or your customer success manager.

This post will be updated with any further information as needed.

References

About the author
Chris Ostrowski
Chief Technology Officer