Migrate to Netlify Today

Netlify announces the next evolution of Gatsby Cloud. Learn more

ContactSign Up

Gatsby Statement on the Recent Log4j 2 Vulnerability

Mike Gualtieri
December 17th, 2021

Some of our customers have reached out to us, asking if Gatsby has been impacted by the recent critical risk vulnerability in the popular Log4j 2 library.  In short, no we haven’t.  Read on for more detail.

What happened?

On December 6, 2021 the Apache Foundation released an update to the popular Log4j 2 logging library that fixed a critically rated security vulnerability, rated 10.0 on the CVSS scoring framework.  The vulnerability in the JNDI logging extension could lead to Remote Command Execution and/or the leaking of sensitive server-side data.  The vulnerability was quickly weaponized, and by December 10, 2021 was being widely exploited across the internet.

Are Gatsby open source users or Gatsby Cloud customers affected?

No.  Beginning Friday December 10, 2021 as details emerged about impacted software suites, our Gatsby security team swiftly reviewed our infrastructure and application stack fully and did not find any affected systems or services that use the vulnerable Log4j 2 package.  Our technology stack does not typically employ Java-based applications.  A few of our vendor-supplied services are written on a Java technology stack, but were found to not be affected by the recent Log4j 2 vulnerability.

If you have any further security questions, feel free to reach out to security@gatsbyjs.com for more information.

Have any questions or feedback about this article? Reach out to me on Twitter at: @mlgualtieri.

Share on TwitterShare on LinkedInShare on FacebookShare via Email

Hacker, security researcher, entrepreneur. Purple Team. Avid gardener and ham radio operator. Known to make and break software. Loves reverse shells and hiking in the woods with my wife and kids.

Follow Mike Gualtieri on Twitter

Tagged with securityView all Tags

Talk to our team of Gatsby Experts to supercharge your website performance.

Contact Gatsby Now
© 2024 Gatsby, Inc.