Statement Regarding the Log4J Vunerability and Response at Coldfront Labs Inc.
On December 10th, 2021, a zero-day vulnerability within the popular Java library Log4J was published, CVE-2021-44228 .
This library is used in many services, but the two affected ones of concern are Apache Solr and Elastic Cloud, as various sites use these products as search indexes.
While is it unclear if the configurations and access control in places around these services would enable them to be exploited, over the course of December 11th, 12th, and 13th, we have put the recommended mitigations in places to address this vunerability on all of the affected services that we maintain.
Please feel free to contact us for more information.