Zingtree is 100% committed to the safeguarding of all its clients' data and those who interact with the company in all facets of communications. A recent vulnerability has been identified in Apache Log4j2, which is a widely used logging package for Java. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell.

Fortunately, Zingtree does not use Apache Log4j in our current software stack. Therefore, we are not prone to the exploits of the Apache Log4j2/Log4Shell vulnerability. Additionally, our Cloudflare web application firewall (WAF) is also automatically configured to block requests if someone were attempting to exploit this or other such vulnerabilities.

Please feel free to contact us at security@zingtree.com should you have questions or require any further information. Thank you.

Created December 14, 2021