LambdaTest actively follows security vulnerabilities in the open-source Apache “Log4j 2” utility (CVE-2021-44228). We have identified all our applications and services using Log4j 2 and have patched all required Java-based applications. In addition, our security team has closely monitored for any other exploit.
Additionally, we are working with all our vendors to monitor other affected services and patch (or remediate) them as required (on an urgent basis).
Our Engineering and InfoSec teams have updated all internal services that directly or indirectly use Log4j. We have continuously monitored for exploit attempts and have not detected any attacks against our infrastructure.
In addition, we have deployed adequate measures in place for tracking any suspected attacks that are looking to exploit this vulnerability.
To know more about the LambdaTest’s Response to Log4j that resulted in Mitigating Risk for Customers go through the following updates: