A critical vulnerability in the popular Log4j library may leave you wondering—does your headless CMS provide adequate protection to secure your website against hackers? Let’s take a closer look at Kontent.ai’s architecture to find out.
What is the Log4j security vulnerability?
The Log4j library—widely used for logging error messages in Java applications—was hit back in late 2021 by a severe vulnerability. This weakness could be utilized for unauthenticated access to servers and might allow attackers to execute malicious code.
While this vulnerability seems scary at first glance, the good news is that Kontent.ai application is not affected by it. Kontent.ai application is built on .NET technology and does not utilize the Log4j Java library at all.
Has the Log4Shell flaw affected Kontent.ai?
Our security team reviewed all dependencies (NPM and NuGet packages) as well as the SDKs that we manage. We made sure that none of these components had a reference to the Log4j library.
As a result, the Security Team confirms that the Log4j vulnerability does not affect the projects running on Kontent.ai.
How secure is Kontent.ai?
In addition, we perform regular security reviews, vulnerability scans, and penetration tests. We also run Vulnerability Disclosure Program and work with the community of security researchers for early discovery and remediation of vulnerabilities.