Ceros experienced a major incident on December 15, 2021 affecting Displaying Visitor Metrics, lasting 2d 23h. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Dec 15, 2021, 06:13 PM UTC
In an effort to protect Ceros systems against the log4j vulnerability, we will be applying a patch to our analytics infrastructure. While we have not seen any evidence of Ceros systems being compromised, we are utilizing a sub-processor for Ceros analytics. As part of our remediation plans, we will be putting our analytics into maintenance mode while we work on releasing a patch to mitigate the vulnerability. During this time, users will be able to access Ceros and no event data will be lost however, new data will not be seen in Ceros analytics until after the maintenance period has concluded and the log4j vulnerability has been resolved. Please stay tuned to the status page for further updates as they become available and please feel free to email [email protected] should you have any questions.
- resolved Dec 18, 2021, 05:21 PM UTC
We are happy to report that we have upgraded Ceros to use a new server with the updated log4j library. This means there are no remaining vulnerabilites for Ceros analytics and they are now back online. You should now be able to review the data collected while analytics was in maintenance mode and you will see analytics reported normally moving forward. Should you have any questions about this upgrade, please email mailto:[email protected].