SignalPath experienced a major incident on December 13, 2021 affecting Insights, lasting 7d. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Dec 13, 2021, 07:23 PM UTC
Out of an abundance of caution, we have taken SignalPath Insights offline due to the presence of the Apache Log4j vulnerability (CVE-2021-44228) in the software that supports our Insights application. Our vendor is working to patch the vulnerability in their software and we will incorporate this patch as soon as it is available to us. We apologize for the inconvenience and will update when we are able to bring Insights back online.
- identified Dec 14, 2021, 10:16 PM UTC
We are continuing to monitor updates from our vendor, but they have not yet been able to remediate the log4j vulnerability in their software. In the interest of keeping our clients' data secure, SignalPath Insights will remain offline until this issue is addressed.
- identified Dec 15, 2021, 10:33 PM UTC
We are continuing to diligently monitor updates from our vendor. You can continue to check status updates here. No other portions of our application have been or are being affected. At this point in time, we are unable to estimate the time for remediation. Please know that we are doing everything that we can to safely bring Insights back online.
- resolved Dec 20, 2021, 08:20 PM UTC
SignalPath’s supporting vendor has released a verified patch for the Apache Log4j2 vulnerability (CVE-2021-44228) that SignalPath has reviewed and installed. Insights is back online. Thank you for your patience and cooperation.