On December 9, 2021, the technology community identified a critical vulnerability in the popular Java-based logging package “Log4j”. Apache Log4j is a universal, open-source Java library widely used by many platforms and developers worldwide. This vulnerability has been deemed extremely harmful, with a rating of 10 on a scale of 1 to 10 by the Apache Software Foundation because it can lead to remote code execution.

Here’s What You Need To Know About The Log4j Vulnerability 

The 101domain team has been monitoring the ongoing situation and we have thoroughly evaluated our use of Apache Log4j across all of our tools and technologies. Any potential vulnerabilities have been addressed and there has been no known impact on our products or services due to this vulnerability.

If you own or work for a company using Java-based software that uses Log4j, our partner Cloudflare has outlined the steps you need to take to mitigate and protect your systems.

How to Mitigate Log4j

Implement one of the following mitigation techniques:  Java 8 (or later) users should upgrade to release 2.16.0. Java 7 users should upgrade to release 2.12.2.

Otherwise, in any release other than 2.16.0, you may remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class

Secure Web Accelerator Protection

Cloudflare has implemented Web Application Firewall (WAF) rules to mitigate the vulnerability and is continuously refining these rules in line with recommendations from the Apache Software Foundation. 101domain’s Secure Web Accelerator clients are already benefiting from this update to the Cloudflare-managed WAF rules.

This is an example of a unique advantage of putting your website and applications “behind” Cloudflare.

For detailed information about the protection Cloudflare is rolling out, please visit the Cloudflare blog.