cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
allan21
‎12-11-2021 10:49 AM

Square Online and Apache Security Vulnerabilities

Hi - does Square Online/Weebly/etc. make use of Apache's Log4j Java-based logging... or Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.?  

Apache is pervasive in the web hosting world, so I would not be surprised if it does.

 

I trust you've seen reports in the news regarding a serious and easy-to-exploit security flaw in these Apache products, e.g. https://logging.apache.org/log4j/2.x/security.html

 

What is Square's position? Not applicable, or patches being deployed?

 

cc: @tranguyen 

Reply
1,034 Views
Message 1 of 4
Report
3 REPLIES 3
tranguyen
Admin
‎12-13-2021 03:45 AM

Hi @allan21, thank you for sharing this.

 

I've shared this with the appropriate team and will follow up once I have an update from them. 

Tra | she/her
Community Program Manager, Square
Reply
0 Kudos
1,027 Views
Message 2 of 4
Report
allan21
‎12-13-2021 05:59 AM

In response to tranguyen

Thanks @tranguyen - I forgot to mention it also affects older versions of Logstash, which lots of systems use.

 

Even the British and American governments have put out warnings about this flaw: 

https://news.sky.com/story/potential-for-damage-incalculable-experts-sound-alarm-over-cyber-vulnerab...

Reply
0 Kudos
1,025 Views
Message 3 of 4
Report
Howler007
‎12-17-2021 02:59 PM

In response to tranguyen

Update please? If it’s not an issue, great. If it is, please reassure us. 

 

Reply
0 Kudos
1,012 Views
Message 4 of 4
Report
Anonymous

Square Community

Square Products

Resources

More

© 2025 Square, Inc.