On December, 9th, 2021 a security vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed and immediately raised an alert all over the world due to its critical severity (CVE-2021-44228). This issue, also known as “Log4Shell”, allows unauthorized attackers to execute code on vulnerable systems.
Even though brains.app itself does not use Java with Log4J on any user-facing services, we do have some internal platforms that use this technology. We have taken all the appropriate measures to mitigate the vulnerability and protect our system. Any libraries or platforms which use Log4J have been updated to versions released in response to this vulnerability, and we have also applied a configuration change recommended by the Apache Foundation which removes the underlying security risk entirely. Our Engineering and Cybersecurity teams have immediately worked to verify this issue, and we continue monitoring our systems to tackle any attempt to exploit this vulnerability.
We want to reassure our customers that this extremely critical vulnerability has no impact on the brains.app platform.
If you have any questions, feel free to contact our team at firstname.lastname@example.org.