Log4j Security Response - Squadcast is not affected by RCE Vulnerability

Dec 16, 2021
Last Updated: Dec 16, 2021

    We at Squadcast firmly believe that the security of our platform and the data of our customers are of utmost importance, and we are transparent about any incident, especially if it threatens our security. To that end, we wanted to provide an update on the recently discovered zero-day vulnerability in the Java logging library, Log4j.

    What happened?

    On December 9, 2021, Apache publicly disclosed a remote code execution (RCE) vulnerability (CVE-2021-44228) in its popular Java logging library, Log4j. Since we do not use Log4j, Squadcast is not directly affected by the vulnerability. However, we’re auditing our integrations with critical vendors to ensure that there is no indirect impact.

    Our Findings

    Our own infrastructure is not vulnerable, and hence our platform is not impacted by this vulnerability. You can continue to use Squadcast and need not take any action for this vulnerability. One of our cloud-based vendors, Elasticsearch, was vulnerable, but they have since patched it.

    Additionally, Squadcast is not a Java shop, so we do not use the Java libraries of either of our notification providers, Twilio or Plivo. Even if either of them is affected by the vulnerability, it does not impact us as a Twilio/Plivo client.

    Next steps

    We’re continuously following up with our critical vendors to ensure that they’re applying the appropriate patches to their systems if they’re impacted by the vulnerability. As of today, we do not see any impact from our critical vendors either. We are continuing to monitor this issue and will determine whether additional actions are required and update this blog accordingly.

    For more information about our vendors, visit this page which has all the details about the Sub-processors of Squadcast.

    Update: 17 Dec 2021

    In the table below, you can find the list of our vendors and their vulnerability status as of 17th Dec 2021. This table will be updated on a regular basis.

    | Product / Vendor | Vulnerable | Status | Additional details |
    |---|---|---|---|
    | Squadcast | No | Safe | |
    | Squadcast Jira Plugin | Yes | Patched, Safe | https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html and https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html |
    | Twilio | Yes | Patching in Progress | https://www.twilio.com/blog/response-log4j-vulnerability |
    | Plivo | No | Safe | |
    | Google Cloud Platform | No | Safe | The product and versions being used by Squadcast are not vulnerable. https://cloud.google.com/log4j2-security-advisory |
    | Amazon Web Services | Yes | Patched, Safe | https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ |
    | Stripe | Yes | Patched, Safe | https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) |
    | Chargebee | No | Safe | Confirmed by vendor. |
    | Hubspot | No | Safe | https://www.hubspot.com/log4j2 |
    | Intercom | Yes | Patched, Safe | https://www.intercomstatus.com/incidents/ss5hp81rhv1l?u=70vbc0dstm47 |
    | LogDNA | No | Safe | Confirmed by vendor. |
    | LogRocket | Unknown | Unknown | We have reached out to the vendor for more details. |
    | Slack | Yes | Mitigation in place, patching in progress | https://help.salesforce.com/s/articleView?id=000363736&type=1 |
    | Segment.io | - | - | Not using it anymore. |
    | Mixpanel | No | Safe | https://community.mixpanel.com/data-management-10/log4j-vulnerability-6006 |
    | MongoDB | Yes, only Atlas search | Patched, Safe | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb |
    | Mailchimp | Unknown | Unknown | We have reached out to the vendor for more details. |
    | Zendesk | Yes | Mitigation in progress | https://support.zendesk.com/hc/en-us/articles/4413583476122 |
    | OneSignal | No | Safe | https://onesignal.com/blog/onesignal-is-not-impacted-by-lo/ |
    | Userflow | Unknown | Unknown | We have reached out to the vendor for more details. |
    | Mailgun | Yes | Patched, Safe | https://status.mailgun.com/ |
    | ElasticSearch | Yes | Patched, Safe | https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 |