updates updates

Snyk's Cloud Platform all clear from Log4j exploits




Snyk can confirm that within 24 hours of publishing CVE-2021-44228 in our vulnerability database all services that compose Snyk’s Cloud Platform running Apache’s vulnerable Log4j library have been patched to the latest version. We have not detected any successful attempts at exploitation of this attack vector during that time window.

Snyk’s security response to events pertaining to the Log4j remote code execution vulnerability (RCE) is also strengthened by our defense in depth that leverages network-based firewalls, web application firewalls, anomaly detection with our platform environment, and is supplemented by our ongoing ISO/IEC 27001:2013 certification process and ISAE3402 SOC2 Type II annual report, available to customers on request.

Today customers can also leverage the Snyk Platform to understand what steps they can take to ensure their services are also secure from CVE-2021-44228 and much more.