Zipline incident

No impact to Zipline from the recent Log4j vulnerability

Notice Resolved View vendor source →

Zipline experienced a notice incident on December 15, 2021 affecting Core Platform and Search and 1 more component, lasting —. The incident has been resolved; the full update timeline is below.

Started
Dec 15, 2021, 06:01 PM UTC
Resolved
Dec 15, 2021, 06:01 PM UTC
Duration
Detected by Pingoru
Dec 15, 2021, 06:01 PM UTC

Affected components

Core PlatformSearchPublishingNotificationsFiles

Update timeline

  1. resolved Dec 15, 2021, 06:01 PM UTC

    After investigating, we're pleased to inform you that Zipline’s system was not affected by CVE-2021-44228, the Apache / Log4j vulnerabilities announced yesterday and over the weekend. We don’t use Java, Apache, or Log4j to serve the application. We have one internal system that uses Elasticsearch to provide our search infrastructure. Elasticsearch is built in Java and uses log4j. We have investigated all access points and confirmed that none of them were vulnerable to an attack. We have patched all Elasticsearch domains to increase their protection going forward. If you have any questions about our response to Log4j, our infrastructure, or anything related to security please email [email protected]