On Dec 10, 2021, Keeper’s security team researched a publicly-reported vulnerability regarding an open-source Java logging library developed by the Apache Foundation called Log4j (vulnerability number CVE-2021-44228).
Within 24 hours following the public disclosure of CVE-2021-44228, Keeper’s security and DevOps teams published updates to its infrastructure and enterprise software applications to remediate and replace all Log4j libraries. Enterprise customers who required software updates have been contacted directly.
On Dec 14, 2021, Keeper’s security team researched a second, publicly-reported vulnerability with Log4j version 2.15.0 (vulnerability number CVE-2021-45046).
Within 24 hours following the public disclosure of CVE-2021-45046, Keeper’s security and DevOps teams published updates to its infrastructure and enterprise software applications to remediate and replace all Log4j libraries.
Please contact Keeper support if you have any questions. Thank you for staying protected with Keeper Enterprise.