Log4j Vulnerability

Flow is working diligently to protect our customers, products, and partner ecosystem from the impact of the Log4j vulnerabilities. We have evaluated the impact of the issues across all our services and completed an assessment of these vulnerabilities.

Flow teams are monitoring the evolving information around these issues, adapting as conditions change and determining the best possible resolution options for our customers. We are continually monitoring the vulnerability information available for all updates.

Security Advisories

Assessment

Compute

  • Compute Instances (including Flow Cloud Servers) are not vulnerable to the Log4j security vulnerability. Our team reviewed its tech stack, found three areas of concern, and issued a patch to close those concerns.

  • Compute Images / Templates do not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact from this vulnerability.

Mac Bare Metal

  • Mac Bare Metal does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact from this vulnerability.

Kubernetes

  • Kubernetes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.

App Engine

  • App Engine does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact from this vulnerability.

  • In addition, regarding certified templates: the JavaEngine and WildFly templates contain log4j-api but not log4j-core. According to LOG4J2-3201, customers who depend only on log4j-api are not affected by this vulnerability.
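One way to check an application archive for the log4j-api versus log4j-core distinction described above (an added example, not Flow's or the Log4j project's code). It assumes the standard Log4j 2 class layout for the two marker classes, uses constructed in-memory archives as sample input, and reports only presence: a hit on log4j-core still needs a version check.

```python
import io
import zipfile

# Marker classes (assumption: standard Log4j 2 package layout).
CORE_MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # log4j-core only
API_MARKER = "org/apache/logging/log4j/LogManager.class"               # log4j-api
NESTED = (".jar", ".war", ".ear")


def scan_archive(data, name="<archive>"):
    """Return (api_found, core_hits) for a JAR/WAR/EAR given as bytes.

    core_hits lists the (possibly nested) archives that hold the core marker.
    Nested archives, as in fat JARs and WEB-INF/lib, are scanned recursively.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, []  # not an archive: nothing to report
    api_found, core_hits = False, []
    with zf:
        for entry in zf.namelist():
            # endswith() also catches classes unpacked under WEB-INF/classes/.
            if entry.endswith(CORE_MARKER):
                core_hits.append(name)
            elif entry.endswith(API_MARKER):
                api_found = True
            elif entry.lower().endswith(NESTED):
                api, core = scan_archive(zf.read(entry), f"{name}!/{entry}")
                api_found = api_found or api
                core_hits.extend(core)
    return api_found, core_hits


def classify(data, name="<archive>"):
    """Summarise a scan as 'core-present', 'api-only' or 'no-log4j'."""
    api_found, core_hits = scan_archive(data, name)
    return "core-present" if core_hits else ("api-only" if api_found else "no-log4j")


def make_zip(entries):
    """Build a constructed sample archive in memory from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed samples: one WAR with only log4j-api, one that also bundles log4j-core.
api_jar = make_zip({API_MARKER: b""})
core_jar = make_zip({CORE_MARKER: b""})
api_only_war = make_zip({"WEB-INF/lib/log4j-api.jar": api_jar})
bundled_war = make_zip({"WEB-INF/lib/log4j-api.jar": api_jar,
                        "WEB-INF/lib/log4j-core.jar": core_jar})
```

To scan a real file, pass its bytes, for example `classify(open(path, "rb").read(), path)`.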

Object Storage

  • Spaces does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.

Volumes / Snapshots

  • Volumes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.

Networking

  • Networking does not use a vulnerable version of Log4j. Therefore, no additional patches or mitigation activity is required at this time.
