Log4j Vulnerability and Zapier

  • 17 December 2021

Is there an official word from Zapier about any vulnerabilities and efforts to mitigate them?

Best answer by christina.d 18 December 2021, 04:27


2 replies

Hi @senglish 

Probably best to submit a ticket via Zapier Support to inquire about this: https://zapier.com/app/get-help

Hi there, @senglish!

Great question and definitely appreciate you reaching out.

For clarity, Zapier has performed a review of all of our services that may be using log4j. Thankfully, none of the software written by Zapier uses log4j. Of the third-party tools that do use log4j, we’ve been able to confirm that in each case either:

  • We have applied patches to the latest possible fix.
  • The software has other mitigations in place or runs outside of Zapier’s network. To be safe, each of these has had the necessary patches applied.
  • The version we’re using is not impacted by any of the announced log4j vulnerabilities.

Our response team has evaluated all processes running across our environments and verified there are no vulnerable versions of log4j running in Zapier’s stack. In addition, we’re using security watchdog tools in our environment that have been configured to alert on any attempt to utilize this exploit and alert our response team. At this time we’ve not found any abnormal activity.

As of this time Zapier does not have any systems of concern with respect to recent log4j security vulnerabilities.

I hope this is helpful.