Log4j is a Java library that adds drop-in functionality to many online software products. End users would not generally download and use it themselves; it is included as part of the software. Because of that, end users generally aren’t aware whether the software they use contains the vulnerability. The log4j vulnerability is rated at 10 on a scale of 1 to 10, with 10 representing the most dangerous level of vulnerability.
The popular cPanel web hosting server control panel software recently issued a patch to fix a critical flaw in the log4j Java library discovered in part of the software used for email. The vulnerability itself is named Log4Shell.
Our team is currently investigating CVE-2021-44228, a critical vulnerability affecting log4j, a Java logging package that is used in a significant amount of software, including Apache, Apple iCloud, Steam, Minecraft and others. Our security team is actively monitoring the effects of this vulnerability.
At this point, we have not identified an impact to the HDWEBPROVIDER Platform, but our teams are monitoring activities to ensure all instances of our back-end are safe and will be taking appropriate action as needed.
The only cPanel service affected by the log4j vulnerability was the Dovecot Solr cPanel plugin, which we are NOT using on our servers. We already did not recommend that plugin because of its higher resource usage for no real benefits to IMAP searches.
cPanel has already put out a patch for this as of Friday, and our servers and cloud network are fully secured against this vulnerability.