Blackline Safety is aware of the risks associated with the recent Log4j vulnerability and we want to assure our customers we are mitigating any risks by taking proactive steps to ensure the integrity of your data. We have surveyed our infrastructure and compiled our list of potentially impacted components and tools. At this time, our assessment of our overall risk is low to moderate.
Next steps will include:
- Upgrading the Log4j component to the release 2.17.0, which is the latest released version from the Apache Foundation that covers the known vulnerabilities.
- All internal patching of production safety systems and tooling, which will be completed this week.
- Patching and upgrading of Blackline Live and Blackline Analytics software will begin immediately thereafter and completed rapidly—no later than December 28, 2021.
No customer action is necessary at this time.
We will continue to monitor the situation and provide updates as necessary.