From XU Magazine, 
Online News

An important update on the Zero-day vulnerability in Apache

December 13, 2021

This article originated from the Xero blog. The XU Hub is an independent news and media platform - for Xero users, by Xero users. Any content, imagery and associated links below are directly from Xero and not produced by the XU Hub.
You can find the original post here:
https://devblog.xero.com/an-important-update-zero-day-vulnerability-in-apache-e3f3912fd492

You may have heard about the zero-day vulnerability announced by Apache, which has impacted a number of companies across the globe. This newly discovered vulnerability allows for unauthenticated remote code execution.

Cloud Security Vectors by Vecteezy

Log4j is an open source Java logging library developed by the Apache Foundation. Log4j is widely used in server infrastructure, applications and in many digital services.

Xero takes a multi-layered approach to ensure that the security of our products and the platform it resides on are safe. Upon becoming aware of the vulnerability, Xero took immediate steps to strengthen the layers of defense that protect our critical functions against this potential vulnerability.

What does this mean for you?

During our assessment process, we identified that any app using Log4j (between versions 2.0 and 2.14.1) may be vulnerable. Those using Log4j with older versions of Xero’s Java SDK i.e. 3.x versions or below, are most at risk. If you’re using a newer version of Xero’s Java SDK, 4.0.1 it is recommended you verify which libraries you are using.

It is also recommended that you investigate and patch all your systems that use Apache Log4j, and determine whether you are potentially vulnerable.

Information is also available on the NZ CERT website here (NZ CERT is well regarded globally — different advisors globally will be providing their own advice and you should also obtain your own independent advice where appropriate).

We take the security of our customers’ data very seriously and will continue to keep our community updated on relevant information.

Why leave it there?

To keep up to date with the latest Xero news
Visit our website

Straight to your inbox

Subscribe to our newsletter for updates as they happen
We hate spam too. We NEVER sell our mailing list.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Tide and Adyen unite to enhance small businesses payments with Tap to Pay on iPhone

October 22, 2024
By 

BGL integrates with Oxygen to streamline SMSF loan applications

July 29, 2024
By 

FOREIGN CURRENCY GAINS & LOSSES IN XERO EXPLAINED

March 3, 2023
By 
XU Hub / XU Magazine / XU Biweekly
XU Hub, XU Magazine and XU Biweekly are collaboratively produced by an independent group of Xero users and is not affiliated in any way with Xero.
Xero - Beautiful business
Xero is the leading online accounting software for small businesses. Manage invoicing, bank reconciliation, bookkeeping and more. Learn more or take a free Xero trial.
Contact
hello@xumagazine.com
HQ
Office 1
Brunswick House
Brunswick Way
Liverpool
Merseyside
L3 4BN
United Kingdom

Registered Company No:
08811842
VAT Registration No:
GB 183 5180 04
Get in TouchLatest NewsRead every issuePrivacy Policy
Subscribe for FREE
© Copyright XU Magazine Ltd 2013-2024. 'Xero' is a trademark of Xero Limited.