In this article

Sign up for our newsletter

or
Start Free Trial
Share this article

CVE-2021-44228 and CVE-2021-45046

Dec. 13, 2021

As soon as reports of the vulnerabilities in the open-source Apache Log4j logging utility were announced on December 10th, 2021, Osano’s engineering team launched an investigation into our use of Log4j across our services, systems and applications. While we found several instances where we were using this dependency for logging, every case involved entirely backend services where no public interface is exposed. Despite this, Osano is working to update instances where we use Log4j or remove this dependency entirely from these internal services.

References:

CVE -CVE-2021-44228

Dec. 14, 2021

Osano has updated the following services to Log4j 2.15:

  • PDF Conversion Service (internal).
  • Data Discovery Integration Processor (internal).

Dec. 15, 2021

The Log4j team has discovered additional vulnerabilities in their recent 2.15 release. While these new vulnerabilities are not seen as a risk to Osano operations, the Osano engineering team has updated the following services to Log4j 2.16:

  • PDF Conversion Service (internal).
  • Data Discovery Integration Processor (internal).


References:

CVE -CVE-2021-45046
Get a demo of Osano today

U.S. Data Privacy Checklist

Stay up to date with U.S. data privacy laws and requirements.

Download Your Copy
2025 Law Checklist Resource Listing

Scott Hertel

Scott Hertel

Scott Hertel is the CTO & co-founder of Osano. An experienced software architect, Scott has been building scalable data-driven software for more than 20 years. Prior to Osano, Scott was the founding CTO of Meta SaaS, a leading enterprise software asset management platform for cloud applications which was sold to Flexera Software in 2018.

Share this article