Liquid Intelligent Technologies (Liquid) is aware of the vulnerability in the Log4j open source logging library (CVE-2021-44228 – https://nvd.nist.gov/vuln/detail/CVE-2021-44228), and has been actively monitoring developments since the vulnerability was detected.
We have assessed and where possible patched all systems which are directly affected. We are also actively monitoring our networks and systems and have deployed mitigation measures to address vulnerabilities that have not yet been identified and/or where patches are not yet available.
We are working closely with our hardware and software vendors to identify where Log4j is used in products they supply that we in turn use in our environments or on sell or lease to our customers. As these vendors develop patches or workarounds we deploy these as soon as they are available.
We have also been working directly with customers to assist in mitigating potential vulnerabilities in regard to the potential severity and rapid evolution of the vulnerability. Liquid encourages all our customers and suppliers to prioritise patching their systems as soon as possible.