Log4Shell (CVE-2021-4422 & CVE 2021-45046) vulnerability

Friday, December 10, 2021

There has been a lot of concern in the technical media, through to the mass media, regarding this serious vulnerability just exposed in the Java-based Apache library Log4j.

Rest assured that we do not use Java anywhere within our current shared hosting environment or dedicated server fleet, thus there is no identified risk to you or your site assets from this exploit.   We also immediately launched an audit to double check there were no Java-based applications elsewhere on the network, switches, routers, firewalls, staff computers etc and to date everything looks good.  We are continuing to check into this to be sure.

Footnote: A component of Java is where the vulnerability lies, this is not the same as JavaScript.  Equally, while log4j libarary at issue is a project of the Apache Foundation, they support hundreds of projects and this one has no relation at all to the Apache Server which does form a part of our system.

« Back