Edsby services were not compromised by the Log4j exploit Log4Shell (CVE-2021-44228) that affected many large systems on the Internet.

Shortly after Log4Shell’s public disclosure, the Edsby operations team became aware of the issue and started investigating ramifications to our systems. Almost immediately, our web application firewall provider deployed and began enforcing a filtering rule that prevented these attacks from even reaching the Edsby infrastructure.

In parallel, we started to identify potentially affected components in our systems and began deploying mitigations as a precaution. Due to the software versions and our configurations, we determined we were not vulnerable to exploitation that would put customer data at risk.

We performed log analysis scanning for attempts to exploit the Log4j vulnerability on Edsby’s systems before disclosure and mitigation by our firewall provider and found no evidence of any compromises of our cloud services.

We continue to monitor the situation and will perform further mitigations and analysis if necessary.