SecureSafe and DSwiss not affected by log4j security vulnerability13-12-2021 Author: DSwiss
DSwiss does not use log4j as a standard logging framework. Therefore, we can confirm that our services (SecureSafe, eSafe instances and backend services) are not affected by the log4j vulnerability.
When the vulnerability was first disclosed on Friday 10th of December the DSwiss security team immediately assessed the exposure level of all DSwiss services. Over the course of the weekend additional tests were conducted to validate the exposure level of DSwiss.
At this poin we can confirm that:
- None of the production services - specially the eSafe instances
- None of the back-end services supporting production services are affected by the log4j vulnerability.