Apache Log4j vulnerability CVE-2021-44228

Would be great to get some kind of response on this. I am surprised they did not mention anything proactively.

I sent an inquiry to serviceincident@zendesk.com about this, maybe a few more tickets raised to the same address will nudge them into a reply...

Great idea, will do!

I got a response from Zendesk support stating the following:

Zendesk does use Log4j in some parts of our infrastructure. We have identified the appropriate mitigations and updates, and are implementing these in our environment.

Zendesk and the industry are continuing investigations into this Apache security event. At this point in time, we are not aware of any impact to your account. We will keep you informed should this assessment change.

Check out ZD's new advisory regarding this: https://support.zendesk.com/hc/en-us/articles/4413583476122

Cool, thanks Mark McLane for the detailed updates!

Happy EOY, good people! :) 

Eric Nelson

Will Zendesk inform when all necessary fixes are deployed?

This allows your customers (us) to report this internally as done.

Hey Mike, 

We've put out some comms here that discuss what we've done to remediate this so far and our steps to continue to monitor it.

Hello,

I just wanted to add one additional piece of information to this conversation. Zendesk does not use Log4j in our mobile SDKs, so there is no impact on that side of the Zendesk platform.