
Log4j Vulnerability and Zapier

  • December 17, 2021

Is there an official word from Zapier about any vulnerabilities and efforts to mitigate them?


2 replies

Troy Tessalone
  • Zapier Expert
  • 31608 replies
  • December 17, 2021

Hi @senglish 

Probably best to submit a ticket via Zapier Support to inquire about this: https://zapier.com/app/get-help


christina.d
  • Zapier Staff
  • 2653 replies
  • Answer
  • December 18, 2021

Hi there, @senglish!

Great question and definitely appreciate you reaching out.

For clarity, Zapier has performed a review of all of our services that may be using log4j. Thankfully, none of the software written by Zapier uses log4j. Of the third-party tools that do use log4j, we’ve been able to confirm that in each case either:

  • We have applied patches to the latest possible fix.
  • The software has other mitigations in place or runs outside of Zapier’s network. To be safe, each of these has had the necessary patches applied.
  • The version we’re using is not impacted by any of the announced log4j vulnerabilities.

Our response team has evaluated all processes running across our environments and verified there are no vulnerable versions of log4j running in Zapier’s stack. In addition, we’re using security watchdog tools in our environment that have been configured to alert on any attempt to utilize this exploit and alert our response team. At this time we’ve not found any abnormal activity.

As of this time Zapier does not have any systems of concern with respect to recent log4j security vulnerabilities.

I hope this is helpful.