Posted by Babar Hashim, December 22, 2021
Silex Response to Log4j Vulnerability
On Friday, December 10th, 2021, it came to light that a zero-day vulnerability (CVE-2021-44228) was being exploited in Java-based software. It is commonly referred to as log4j. Log4j is a popular Java logging library incorporated into a wide range of Apache software.
Are Silex Products Affected?
Our engineering team has not identified any exposure to the vulnerability in Silex products. We have confirmed that none of the products in our portfolio are impacted, as we do not use the affected library in any of them.
Is there anything you can do?
Apache is an open-source, cross-platform HTTP server that is used in many applications and products, which is why the rate of attacks and exposure is increasing exponentially. Even though our products do not use the vulnerable software library, you should check the other components in your end product, and confirm with your other third-party software vendors that they are also performing investigations and remediation.