Keen incident

Apache Log4j Vulnerability - No impact to the Keen platform

Notice Resolved View vendor source →

Keen experienced a notice incident on December 15, 2021, lasting —. The incident has been resolved; the full update timeline is below.

Started
Dec 15, 2021, 09:50 AM UTC
Resolved
Dec 13, 2021, 06:00 PM UTC
Duration
Detected by Pingoru
Dec 15, 2021, 09:50 AM UTC

Update timeline

  1. resolved Dec 15, 2021, 09:50 AM UTC

    Keen is aware of a new, critical vulnerability in the Apache Log4j library, CVE-2021-44228. Our Engineering team investigated the impact of the Log4j remote code execution vulnerability and have determined that no part of our platform is vulnerable. We use Logback as a primary logging framework. On the other hand our Apache Kafka, Apache Zookeeper, Apache Storm and Apache Cassandra currently use Log4j 1.2.17, which is not affected by this issue. We are not at risk of breach via the above vulnerability.