What is FiNG’s exposure to Log4J?

Pscampbe
Pscampbe Member, Beta Tester Posts: 2
Second Anniversary Photogenic

I hear that Log4J is a bad vulnerability but I can’t find anything that indicates ding’s exposure to it. Can someone point me to any docco that exists?

Tagged:
Denggum

Answers

  • Marc
    Marc Moderator, Beta Tester Posts: 3,028
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    @Pscampbe, great question. @Dylan_From_Fing or @Robin_from_Fing, are you at liberty to disclose whether your site been certified as free from log4j Java logging heck or conversely upgraded to whatever version today is no longer vulnerable?
    Thats Daphnee, she's a good dog...
  • Robin_Ex_Fing
    Robin_Ex_Fing Member Posts: 5,293
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    ✭✭✭✭✭✭✭
    Pscampbe said:

    I hear that Log4J is a bad vulnerability but I can’t find anything that indicates ding’s exposure to it. Can someone point me to any docco that exists?

    At this point, we can share that we regularly check for vulnerabilities and correct them if found any. If user has found any vulnerability on Fing website then they can share with us and we act as priority.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
    Marc
  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments
    ✭✭✭

    What about the actual FingBox itself? Is it running Log4J?

  • Robin_Ex_Fing
    Robin_Ex_Fing Member Posts: 5,293
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    ✭✭✭✭✭✭✭
    Fingbox itself is not based on Java and therefore it's not affected by the log4j vulnerability. Whole Fing infrastructure of consumer and business services, including device recognition, is not affected: although part of the backend is Java-based and makes use of the log4j library, the versions used and the related configurations are not affected by this critical vulnerability.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
    cjohlandt