Posted by Miryam Brand
December 16, 2021
Executive summary: The Akeyless Vault Platform is not impacted by the log4j vulnerability
Recently, a zero-day vulnerability (CVE-2021-44228) was discovered in the popular Apache Log4j logging library, which could allow an attacker full remote code execution.
Many enterprise apps and cloud services use this common logging library. Apache has since released a security update and provided recommended configurations for earlier versions that mitigate the vulnerability’s impact. We strongly encourage security and dev teams to analyze their use of the tool and update immediately, if they haven’t already done so.
Akeyless’ security teams validated the platform code and processes, and confirm that this vulnerability does not affect our platform, throughout the entire software supply chain.
As part of Akeyless SOC 2 Type II and ISO27001:2013 compliance, Akeyless has established a process to promptly validate the effect of any vulnerability, just like this log4j issue.
For more details on how Akeyless secures the Vault Platform, and our customers, visit akeyless.io/trust-center.
DevOps SecurityThe Akeyless gateway serves as protection between your private network and the cloud. Equipped with caching and zero-knowledge encryption capabilities, the Akeyless gateway is the powerhouse of the Akeyless SaaS platform.
Using GitHub Securely: Best Practices & What to Watch Out ForDevelopers on public GitHub leak over 5,000 API keys or credentials every day. Learn best practices to avoid credential breaches on GitHub.
What’s in a Secret? Best Practices for Static, Rotated and Dynamic SecretsSecrets are ranked as the leading cause of data breaches. Combat this by learning how to best use static, rotated, and dynamic secrets.