
Log4j vulnerability and TinyMCE: Risk assessment report

December 13th, 2021


TinyMCE not at risk of Log4j or Log4Shell

Written by John Rau

Category: World of WYSIWYG

Late last week, an Apache Log4j vulnerability was discovered through an exploit targeting Minecraft servers, but the vulnerability has since been detected internet-wide.

Log4j is an open source Java package that enables logging. See the GitHub report for CVE-2021-44228 for more information, and review the reports about Log4Shell.

After a review, Tiny can confirm that none of our Enterprise or Cloud services use Log4j and therefore our services are not at risk.

Tiny uses log4s for logging and any logging-related development. The log4s project uses the slf4j API. While slf4j can be used with Log4j, Tiny uses the logback backend, which is not affected by the same vulnerability as Log4j.
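One way to check a deployable for the distinction described above (slf4j resolving to logback rather than to Log4j), as an added example that is not Tiny's code. The function names, the `app.jar` default and the sample archives are hypothetical, and the code assumes the SLF4J 1.x binding mechanism and unrelocated package paths.

```python
import io
import zipfile

# Package paths as they appear inside a JAR. The binder class is the hook an
# SLF4J 1.x backend supplies, so it shows which archive slf4j resolves to.
MARKERS = {
    "log4j-core": "org/apache/logging/log4j/core/",
    "logback": "ch/qos/logback/classic/",
    "slf4j-binding": "org/slf4j/impl/StaticLoggerBinder.class",
}
NESTED = (".jar", ".war", ".ear")


def scan_archive(data, name="app.jar", depth=0, max_depth=4):
    """Map each marker to the (possibly nested) archives that contain it."""
    found = {key: [] for key in MARKERS}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a readable archive: nothing to report
    with zf:
        names = zf.namelist()
        for key, prefix in MARKERS.items():
            if any(n.startswith(prefix) for n in names):
                found[key].append(name)
        for n in names:
            if depth < max_depth and n.lower().endswith(NESTED):
                inner = scan_archive(zf.read(n), f"{name}!/{n}", depth + 1, max_depth)
                for key, hits in inner.items():
                    found[key].extend(hits)
    return found


def verdict(found):
    """Summarise a scan the way the review above does: is log4j-core there?"""
    if found["log4j-core"]:
        return "log4j-core present"
    if found["logback"]:
        return "logback backend, no log4j-core"
    return "neither backend found"


def make_jar(entries):
    """Build a constructed in-memory JAR from {path: bytes} (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()
```

To scan a real artifact, pass its bytes and file name to `scan_archive`. A shaded build that relocates packages will not match these prefixes, so a clean result should be confirmed against the build's dependency tree.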

Security management at Tiny

Security management is important to us and to our customers, which is why we prioritize security investigations.

How do you report security issues?

Anyone can report a vulnerability by emailing information to infosec@tiny.cloud, including any information on how it was discovered. Tiny customers may also log issues through the Tiny support system.

When we receive a security report, our InfoSec team assesses the severity and impact of the issue, then decides on a course of action.

If the issue requires a product change, we then consult the responsible engineering team.

Security issues are prioritized

The engineering team then addresses and patches the issue in all supported versions. Open source versions receive attention first, followed by commercial versions.

Once we’ve completed the patch for commercial versions, a security alert is issued. GitHub security reports are an ideal place to issue alerts, since GitHub’s wide adoption means the widest number of users and companies can see the alert and integrate an update into their patching workflow.

You can stay up to date with what's happening at Tiny by following us on Twitter, and don't hesitate to contact us with any questions or feedback at all.
