Unfortunately, it looks like you are using an outdated browser.

To improve your experience on our site and ensure your security, please upgrade to a modern browser such as Chrome, Firefox, Safari, or Edge.

Skip to main content

Heard about The Community Lounge podcast yet?

Listen now

Blog Product Updates

Feature Upvote and log4shell

Last updated:

After investigation, we’ve concluded that we are not affected by log4shell.

Nevertheless we investigated any exposure we might have.

We don’t use log4j at all. However we discovered that a third-party dependency does.

We’ve configured our build project to ensure that the fixed version of log4j (2.16) is used by that third-party dependency.

We’ve verified this fix with multiple sets of eyes.

We built and deployed this updated version as a precaution.

Some other measures we use to protect Feature Upvote:

  • Our application is protected by AWS WAF (Web Application Firewall), which gives us an additional layer of protection against the log4shell vulnerability, as well as other vulnerabilities.
  • Once a month, a team member updates our app to use the latest versions of all our dependencies.
  • Once a month, a team member ensures our servers are updated with all the latest security updates.
  • When necessary we act immediately to install additional fixes.

None of these measures are sufficient by themselves. Together, however, when combined with the rest of our security-conscious processes, we aim to keep Feature Upvote safe from known and unknown security vulnerabilities.