Sovos Response to Apache Log4j Vulnerability

Sovos is aware of the Log4j vulnerability (now known as “Log4Shell”) revealed on December 10, and we have taken expedited action to mitigate the threat associated with this issue.

The Log4Shell vulnerability applies only to products that use Java code. (Many Sovos solutions do not.) For those products that do include Java code, we quickly remediated critical core services, and in an abundance of caution, we have temporarily removed Internet access for non-essential services. Sovos has applied robust detection and alerting mechanisms within our environments; our teams will be alerted to any intrusion attempt at any time of day or night. Thus far, we have not observed any attempted compromise.

Finally, we have deployed the recommended updates and configuration to our hosted products, and we are in the process of addressing on-premises needs. We’ll provide details to on-premises customers once we complete testing.

If you have any questions, please reach out to Sovos support.