You may be aware by now of the vulnerability around Log4j - the Java-based logging framework. Our engineers have consulted our partners, including Microsoft and Auth0, who assure us that any vulnerabilities have already been addressed and our solutions will not be affected. So we would like to highlight some points for you below:
You may know that Log4J is a common open-source library used for logging in Java applications. Many commercial and open-source products use it. A vulnerability was discovered last week and is currently actively being exploited. This vulnerability is known as CVE-2021-44228. Should you wish, you will find an abundance of technical information about the vulnerability itself via Google.
If you are a Smoothwall on-premise customer, please be assured that no Java code is running on our systems so the issue does not apply.
If you are a customer of Smoothwall Cloud Filter, Monitor, or Record Manager, Log4j does not feature in our development therefore Smoothwall code is not vulnerable to this. However, we rely on Microsoft for storage and compute, and on Auth0 for authentication, among many others. Our partners have assured us that their services are safe - and we would like to pass that assurance on to you also.
Smoothwall responded quickly to this vulnerability - and our main task has been identifying potential dependent services which may also be vulnerable, as well as vulnerabilities in our own business systems. At present we are confident that there are none. Taking an abundance of caution, however, we will redouble our efforts to scan and monitor our estate.
You do not need to take any action around your Smoothwall solution.
If you have any questions please contact us at firstname.lastname@example.org and we’ll come back to you.
Kind regardsThe Smoothwall Development Team