FAQ: Interfolio and the Log4J “Zero-Day” Security Vulnerability
What is the “zero-day” software security vulnerability associated with Log4J?
You may have heard about the recently disclosed “zero-day” security vulnerability in Apache's very popular Java logging framework Log4J. Zero-day vulnerabilities are security vulnerabilities that are known to be actively exploited in the wild before the vulnerability has been fixed by the software developer.
In general across the software world, the recently disclosed vulnerability in Log4J is considered very serious because it can allow a skilled hacker to run unauthorized code on the target server, possibly accessing sensitive information.
Are Interfolio’s clients, users, or data at risk from the Log4J “zero-day” vulnerability?
As far as we can tell, no. To the best of our knowledge, this vulnerability does not affect any of Interfolio’s software products.
Our team has investigated any systems we have that might be affected by this vulnerability, and has determined that Interfolio is not running any servers that are using the affected versions of Log4J.
What is Interfolio’s plan around this vulnerability going forward?
We will continue to monitor this development as more information is released and will update this FAQ page as needed. If anything changes that will impact you as an Interfolio client, we will notify you.
In the meantime, if current client institutions or Dossier users have any questions about the vulnerability and Interfolio’s risk assessment, please contact us at email@example.com.