On Friday December 9th a Zero-Day vulnerability named Log4Shell has been published concerning the Apache Log4j library. This very critical flaw allows hackers to run arbitrary code remotely through the Log4j library, a library used worldwide by all industries.
We would like to inform you that Batch is not affected by this vulnerability Our technical infrastructure does not make use of the Apache Log4j library impacted by the security threat, and our technical team has immediately updated the third-party tools that could have been impacted.
Many of you are rightly concerned about this vulnerability, which is considered one of the most worrisome in recent years since Heartbleed and ShellShock, so we thought it was important to inform you of the steps our technical teams have taken to ensure that this vulnerability has no impact on Batch.
-
As soon as the security threat was discovered, we mobilized our teams to conduct a thorough analysis of Log4j usage within our infrastructure. On all our business applications written in Java, including the Android SDK, we did not detect any use of Log4j, the logging part being managed differently at Batch.
-
Concerning the third-party tools we use on a daily basis, we identified some that were using a vulnerable version of Log4j. They were immediately updated to stable versions that fixe the Log4Shell vulnerability.
-
Then, we further analyzed all the logs produced by our third-party tools over the last few months and we can assure with certainty that the Log4Shell vulnerability has not been exploited.
If you have any questions about the Log4j library and the Log4Shell vulnerability that impacts it, or if you would like to learn more about the infrastructure and data security at Batch, contact the team at support@batch.com.
Keep Pushing...safely! 😉
Johann Pardanaud
Software Engineer @ Batch
Follow us
The CRM Newsletter
Subscribe to get the latest news in your inbox!
