Does the node operator software or satellite software or anything at Storj lab use Java log4j and the new vuln CVE-2021-44228?
2 Likes
We are entirely running on golang, so there is not anything that uses log4j 
Thanks for raising the concern/attention for this, its a major flaw affecting millions of hosts/applications world wide 
3 Likes
Been on major incident calls all day going on hour 14 but wanted to make sure my home server was safe as this is the only world facing app I have exposed…
Note that Unifi stuff is impacted however. About to start patching that shortly. lol
1 Like
Any chance you could be impacted by your cloud hosting providers?
There are so many systems that use the Apache Log4j components, websites, Cisco equipment. This requires a full assessment.
1 Like
Are there already patches out? (for Unifi)
1 Like
Thank you, but now the Cloud connection is down due to AWS having problems, so I can’t update from afar 
Yeah, been a horrible day. O365 has had multiple incidents as well.
1 Like
and this morning it was Cloudflare’s turn… Cloudflare is experiencing widespread latency and timeouts
A lot of voip systems use Cloudflare so that would have been interesting…
Bloody hell this year got busy fast. Must be due for another Exchange exploit soon. lol
1 Like
Hello - we’ve published a more formal response in the Announcements channel on Log4j. Thanks
3 Likes