[Announcement]Log4j vulnerability
Incident Report for anynines
due to the log4j vulnerability that currently is in all news, we took some steps to mitigate the issue, but your action might be required. If you have an application based upon java and use log4j, we ask you to patch the application. Should this take longer and you use log4j 2.10+ a simple restart will do for now, as we set the env var "LOG4J_FORMAT_MSG_NO_LOOKUPS" globally as env var for all applications. But this will only be applied when you restart your application.

We have already updated all instances of Java running inside the platform and inside our automation, so please take a moment to verify that your applications are either not affected and to secure them if they are.

If you have further questions please do not hesitate to reach out to our support.

Kind Regards,
Sven Schmidt
a9s Platform
Posted Dec 14, 2021 - 15:25 CET
This incident affected: Customer applications.