CVE-2021-44228 - Log4j RCE 0-day mitigation
Incident Report for freistilbox
Resolved
A zero-day exploit for a vulnerability in the popular Apache Log4j library (CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) was made public on December 9, 2021. This exploit allows attackers to execute arbitrary code on a vulnerable system.

While this exploit does not affect our primary web hosting infrastructure, it could affect the Java-based Apache Solr service that we provide to our customers for high-performance content search. We applied a configuration change that mitigates the vulnerability.

Having neutralized the immediate threat, we will monitor the situation and take additional measures if necessary.
Posted Dec 10, 2021 - 17:43 UTC
This incident affected: Solr clusters.