Didomi experienced a notice incident on December 14, 2021 affecting Console and Consents APIs and 1 more component, lasting —. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- resolved Dec 14, 2021, 01:59 PM UTC
On Dec 9th, 2021, the "log4j vulnerability" (https://www.f5.com/labs/articles/threat-intelligence/explaining-the-widespread-log4j-vulnerability) was disclosed that allows remote code execution on many common Java-based applications. Didomi mostly uses Node.js for our backend systems and, after conducting an audit, we have determined that we are not affected by this vulnerability. We are monitoring AWS' fixes on the topic (https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) and most critical services that Didomi uses in production (EC2, S3, Cloudfront, etc.) have already been patched.