Square Online and Apache Security Vulnerabilities

Hi - does Square Online/Weebly/etc. make use of Apache's Log4j Java-based logging... or Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.?  

Apache is pervasive in the web hosting world, so I would not be surprised if it does.

 

I trust you've seen reports in the news regarding a serious and easy-to-exploit security flaw in these Apache products, e.g. https://logging.apache.org/log4j/2.x/security.html

 

What is Square's position? Not applicable, or patches being deployed?

 

cc: @tranguyen 

Message 1 of 4
3 REPLIES
Admin

Hi @allan21, thank you for sharing this.

 

I've shared this with the appropriate team and will follow up once I have an update from them. 

Tra | she/her
Community Engagement Program Manager, Square
Message 2 of 4

Thanks @tranguyen - I forgot to mention it also affects older versions of Logstash, which lots of systems use.

 

Even the British and American governments have put out warnings about this flaw: 

https://news.sky.com/story/potential-for-damage-incalculable-experts-sound-alarm-over-cyber-vulnerab...

Message 3 of 4

Update please? If it’s not an issue, great. If it is, please reassure us. 

 

Message 4 of 4