Resolved
Log4j Vulnerability

Started
December 14, 2021 at 3:45 AM
Status
Resolved after 2 days
Affected
App

Impact

Operational
  • Resolved
    December 16, 2021 at 6:40 AM

    We have since deprecated the software that used the version of Log4j that was vulnerable.

    We will mark this incident as resolved. In the meantime, we will continue our vigilance and patch or deprecate software that we believe has been affected.

  • Monitoring
    December 15, 2021 at 6:56 AM

    Our subprocessors have responded. They are either unaffected or have already taken measures to protect against exploitation of the Log4j vulnerability.

    Padlet had also integrated with software that had used a version of Log4j that was vulnerable. However, the vulnerability could not have been exploited to access users' personal data. Our security team performed an incident analysis and there is no indication that user data was accessed. As a precautionary measure, as of 14 Dec 12pm UTC, we halted access to the software and will fully deprecate it in the next 24 hours.

  • Investigating
    December 14, 2021 at 3:45 AM

    Padlet does not use log4j in the software we write. That being said, as log4j is commonly used, we are in the midst of investigating software that we integrate with to determine if we are subject to the vulnerability and if so, evaluate impact and act to patch the affected software.

    In the meantime, we are systematically going through our list of subprocessors to ascertain if they too have been impacted by the log4j vulnerability.

    We will publish updates on our status page as soon as we have more clarity.