TrackAbout | Blog

The log4shell Security Vulnerability

Written by Larry Silverman | Dec 17, 2021 6:30:00 PM

TrackAbout would like to put our customers' minds at ease regarding any exposure to the serious vulnerability known as "log4shell" (see Wikipedia reference here).


No TrackAbout customer-facing web or mobile applications are vulnerable to log4shell.

 

None of our applications are built using Java, and therefore do not use the Apache log4j library at the heart of the vulnerability.

 

TrackAbout's apps are all written in Microsoft's .NET C# programming language and are therefore not vulnerable to log4shell.

 

We have audited all internal systems and we do not have any internal exposure to log4shell.

 

In keeping with our SOC-2 compliance best-practices, we are following up with all TrackAbout sub-processors to acquire their attestations. We are nearly done with this exercise. If any sub-processors are found to be of concern, we will update this blog post.

 

Larry Silverman
Chief Technology Officer
TrackAbout, Inc.