We are writing to inform you that over the past weekend a critical vulnerability was identified in a commonly used Java library named Log4j.
While the Worksuite platform does not integrate directly with the library in question, our platform does make use of a 3rd party technology called ElasticSearch (this tool is used to enhance Worksuite’s search and filter features) which does contain the Log4j code.
We are actively monitoring responses from ElasticSearch and Amazon Web Services to ensure that they are taking the necessary corrective measures. Worksuite is also taking the actions recommended in the AWS bulletin below to upgrade our AWS server instances in line with the guidance provided.
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
What Are We Doing?
We are monitoring our 3rd party providers, ElasticSearch and Amazon Web Services (AWS), as they take steps to address the vulnerability within their respective products. We are making the required updates following their guidance, which includes upgrading all ElasticSearch server instances within our AWS infrastructure.
ElasticSearch security bulletin: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
Amazon Web Services security bulletin: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
If there is anything else that we can do to assist you, please reach out to firstname.lastname@example.org
The Worksuite Customer Success Team