A critical vulnerability in the popular Log4j library might leave you wondering—does your headless CMS provide adequate protection to secure your website against hackers? Let’s take a closer look at Kontent’s security policy to find out.
Juraj KomlosiDec 16, 2021
What is the Log4j security vulnerability?
The Log4j library—widely used for logging error messages in Java applications—was hit by a severe vulnerability that enables unauthenticated access to servers and might allow attackers to execute malicious code.
While this vulnerability may seem scary at first glance, it’s relatively easy to protect your website against it. Since Kontent by Kentico is not built on Java, you don’t need to be concerned about any security issues related to the Log4Shell flaw.
In case you’re running Kontent on Azure, you’ll find the Microsoft blog useful.
How secure is Kontent?
Moreover, we run regular security tests to ensure our solution is always up to date with the latest patches. That way, you can rest assured that your website and data are safe.
One of Kontent’s biggest advantages is its reliance on .NET technology. Applications built on this technology have not been impacted by the critical Log4Shell vulnerability.
Has the Log4Shell flaw affected Kontent?
Our security team reviewed all dependencies (NPM and NuGet packages) as well as the SDKs that we manage. We made sure that none of these components had a reference to the critical Log4j vulnerability.
As a result, the security team confirmed that the Log4j vulnerability does not affect the projects running on Kontent.
Curious about Kontent’s disaster recovery plan? Dive into this blog post to learn more.