A widespread Apache Log4j vulnerability affecting the industry was recently announced. This critical vulnerability has the potential to lead to the compromise of applications, systems, and data. At this time, we have not discovered any malicious activity related to this vulnerability that may impact the platform or customer data. We discovered that some services within Reltio were affected by the Log4j vulnerability, and our teams quickly applied measures to mitigate potential risks related to those services.
In response to the identification of this vulnerability, we took proactive steps to minimize the risks associated with the vulnerability, including the following:
Additionally, for Reltio customers using ROCS: Reltio's Open Collaboration Service (ROCS) utilities have been updated to address the recently announced Apache Log4j vulnerability. Please upgrade to the latest versions as soon as possible to minimize risk.
We are currently updating platform services and ROCS utilities to the latest 2.17.0 version of Log4j.
Updated Reltio's Open Collaboration Service (ROCS) utilities:
util-attributes
util-bulkdelete
util-dataload-archive
util-dataload-processor
util-datamodelextract
util-export
util-jsongenerator-archive
util-jsongenerator-core
util-mergereport
util-metadata-security-service
util-pin-report
util-rdm-dataextract
util-rdm-dataloader
util-rdm-json-generation
util-rdmdelete
util-workflow-report
util_tagdelete
pot-mat data extract
If a utility has been revised as part of your implementation, then please update the Log4j dependency to the latest 2.17.0 version.
We will continue to monitor the situation and provide relevant updates. If you have any questions, please reach out to me at security@reltio.com.