A widely used chunk of software code used to do logging on much of the internet called log4j has been identified as having a bug by the broader cyberspace community. Many companies across the world are working around the clock to find and patch the vulnerability in their systems that use log4j code in their software.
How Has SparkPost Addressed the log4j Vulnerability?
Upon the announcement on December 9th, our dedicated Security and Engineering teams immediately began work on identifying components vulnerable to log4j within services that SparkPost manages directly, as well as services provided by our partners. We patched the exploitable components where patching is available. In addition, we performed proactive measures to update related components and we continue to rely on our defense-in-depth approach to security by ensuring both preventive and detective controls are in place. At this time we have not detected, nor do we suspect, any anomalous activities to be present within our products; we will continue to monitor this situation to ensure the security of our environments.
What Do You Need to Do?
As a SparkPost customer, there is no action needed on your end in relation to your SparkPost solutions at this time.
As always, If you have any questions or concerns please submit a support ticket or reach out to your assigned TAM or CSM.
Happy Holidays and safe email sending!