We use cookies to make HubSpot's community a better place. Cookies help to provide a more personalized experience and relevant advertising for you, and web analytics for us. To learn more, and to see a full list of cookies we use, check out our Cookie Policy (baked goods not included).

Allow cookies
Reject

APIs & Integrations

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PRDuque

‎Dec 14, 2021 6:08 AM

Participant

Log4J day-zero exploit CVE-2021-44228

SOLVE

Since Hubspot uses Log4J (https://product.hubspot.com/blog/bid/6011/log4j-dynamic-appender-configuration), does anyone knows what mitigation measures have been taken to deal with day-zero exploit CVE-2021-44228 ?

 

HubSpot uses Cloudflare (https://www.cloudflare.com/case-studies/hubspot/), and Cloudflare has already initiated mitigation measures (https://info.cloudflare.com/index.php/email/emailWebview?mkt_tok=NzEzLVhTQy05MTgAAAGBRbAScyE5IiQgYSp...).

 

But has HubSpot initiated some mitigation measures  by themselfs ?

Workaround
1 Accepted solution
jonathanhaber
Solution
HubSpot Product Team

‎Dec 14, 2021 6:43 PM

HubSpot Product Team

Log4J day-zero exploit CVE-2021-44228

SOLVE

We've published a landing page that will hopefully be helpful:

https://www.hubspot.com/log4j2

View solution in original post

4 Replies 4
jonathanhaber
Solution
HubSpot Product Team

‎Dec 14, 2021 6:43 PM

HubSpot Product Team

Log4J day-zero exploit CVE-2021-44228

SOLVE

We've published a landing page that will hopefully be helpful:

https://www.hubspot.com/log4j2

DSidler

‎Dec 15, 2021 3:45 AM

Participant

Log4J day-zero exploit CVE-2021-44228

SOLVE

Thanks @jonathanhaber , this is very useful.

Not sure if already discussed, but it would be tremendously helpful if such information could be pushed out to us admins proactively. It took me some googling to even find this thread. 

dennisedson
HubSpot Product Team

‎Dec 14, 2021 2:25 PM

HubSpot Product Team

Log4J day-zero exploit CVE-2021-44228

SOLVE

@PRDuque 

HubSpot is aware of CVE-2021-44228 and we have performed a thorough check of our systems and have seen no indications of any impact from this vulnerability at this time. Out of an abundance of caution, our team is continuing to monitor this event. Customers don't need to take any action at this time.

PRDuque

‎Dec 14, 2021 2:39 PM

Participant

Log4J day-zero exploit CVE-2021-44228

SOLVE
Have you updated all projects to log4j latest version, and deployed it to production?
Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
Log4J day-zero exploit CVE-2021-44228
We've published a landing page that will hopefully be helpful: https://www.hubspot.com/log4j2
We've published a landing page that will hopefully be helpful: https://www.hubspot.com/log4j2
Developers
Dec 15, 2021