Log4Shell
Posted: Thu Dec 23, 2021 4:40 pm
Hey everyone, I just wanted to assure you that UMS is not affected by the infamous Log4j exploit, AKA Log4Shell.
We do not use Log4j directly, and have used two scanners to ensure our dependencies don't include a vulnerable version either.
For scanning, we used both the Docker scanner, which is powered by Snyk, and the open source tool Grype.
This exploit has been huge for some projects and businesses, so we have really dodged a bullet here. Our hearts go out to those affected by the exploit.