Unfortunately, it looks like you are using an outdated browser.

To improve your experience on our site and ensure your security, please upgrade to a modern browser such as Chrome, Firefox, Safari, or Edge.

Skip to main content

Blog Product Updates

Feature Upvote and log4shell

Last updated:

After investigation, we’ve concluded that we are not affected by log4shell.

Nevertheless we investigated any exposure we might have.

We don’t use log4j at all. However we discovered that a third-party dependency does.

We’ve configured our build project to ensure that the fixed version of log4j (2.16) is used by that third-party dependency.

We’ve verified this fix with multiple sets of eyes.

We built and deployed this updated version as a precaution.

Some other measures we use to protect Feature Upvote:

  • Our application is protected by AWS WAF (Web Application Firewall), which gives us an additional layer of protection against the log4shell vulnerability, as well as other vulnerabilities.
  • Once a month, a team member updates our app to use the latest versions of all our dependencies.
  • Once a month, a team member ensures our servers are updated with all the latest security updates.
  • When necessary we act immediately to install additional fixes.

None of these measures are sufficient by themselves. Together, however, when combined with the rest of our security-conscious processes, we aim to keep Feature Upvote safe from known and unknown security vulnerabilities.