Vision - Log4j (Log4Shell) Vulnerability

 

Logistics UK remains committed to maintaining high standards of security across its products and systems to keep customers secure. To that end, we wanted to provide customers with reassurance regarding the recently discovered zero-day vulnerability in the Java logging library Log4j.

 

What happened?

On December 9, 2021, Apache publicly disclosed a remote code execution (RCE) vulnerability (CVE-2021-44228, known as Log4Shell) in its popular Java logging library, Log4j. Upon identification of the security advisory, we started our incident response process to evaluate the potential impact and promptly begin any steps required to remediate any exposure.

 

What have we done?

Our subsequent investigation has confirmed that we do not use any instances of Java in the Vision platform. We have taken advice from our third-party suppliers and applied the patches provided. Our systems are monitored and will continue to be monitored against any threats.

We are therefore happy to confirm that the Vision platform is not affected by this vulnerability. If new information comes to light regarding the issue, we will of course review the situation again.

If you have any further questions, please reach out to our support team at ithelpdesk@logistics.org.uk.