
Log4j vulnerability and TinyMCE: Risk assessment report

John Rau

December 13th, 2021


Late last week, an Apache Log4j vulnerability was discovered through an exploit targeting Minecraft servers, but the vulnerability has been detected internet-wide.

Log4j is an open source Java package that enables logging. See the GitHub report for CVE-2021-44228 for more information, and review reports about Log4Shell.

After a review, Tiny can confirm that none of our Enterprise or Cloud services use Log4j and therefore our services are not at risk.

Tiny makes use of log4s for logging and any logging related development. The log4s project makes use of the slf4j API. While slf4j can be used with log4j, Tiny uses the logback backend, which is not affected by the same vulnerability as Log4j.
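
The distinction above (the slf4j API is only a facade, and the exposure depends on which backend sits behind it) can be checked against an application's classpath. The following is an added example, not Tiny's code or tooling: `artifact_of`, `assess`, the sample classpaths and their `0.0.0` versions are constructed for illustration, and the binding table lists only the common slf4j binding artifacts.

```python
import re
from pathlib import PurePosixPath

# slf4j binding artifacts and the backend each one routes log calls to.
SLF4J_BINDINGS = {
    "logback-classic": "logback",
    "log4j-slf4j-impl": "log4j2",
    "log4j-slf4j18-impl": "log4j2",
    "log4j-slf4j2-impl": "log4j2",
    "slf4j-log4j12": "log4j1",
}
# CVE-2021-44228 is in the Log4j 2 implementation jar, not in the slf4j API.
LOG4J2_IMPL = "log4j-core"

# Maven-style file name: <artifact>-<version>.jar, version starts with a digit.
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def artifact_of(path):
    """Return the artifact name of a Maven-style jar path, or None."""
    m = JAR_RE.match(PurePosixPath(path).name)
    return m.group("artifact") if m else None


def assess(classpath):
    """Report which slf4j backend(s) are bound and whether log4j-core ships."""
    artifacts = {a for a in map(artifact_of, classpath) if a}
    backends = sorted({SLF4J_BINDINGS[a] for a in artifacts if a in SLF4J_BINDINGS})
    return {
        "backends": backends,
        "log4j_core_present": LOG4J2_IMPL in artifacts,
        "needs_review": LOG4J2_IMPL in artifacts or "log4j2" in backends,
    }


# Constructed classpaths; the 0.0.0 versions are placeholders, not real releases.
LOGBACK_APP = [
    "lib/log4s_2.13-0.0.0.jar",
    "lib/slf4j-api-0.0.0.jar",
    "lib/logback-classic-0.0.0.jar",
    "lib/logback-core-0.0.0.jar",
]
LOG4J_APP = [
    "lib/slf4j-api-0.0.0.jar",
    "lib/log4j-slf4j-impl-0.0.0.jar",
    "lib/log4j-api-0.0.0.jar",
    "lib/log4j-core-0.0.0.jar",
]
```

A file-name check like this cannot see Log4j classes repackaged inside a shaded or uber jar, so a clean result should be confirmed by inspecting jar contents as well.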

Security management at Tiny

Security management is important to us and to our customers, which is why we prioritize security investigations.

How do you report security issues?

Anyone can report a vulnerability by emailing information to infosec@tiny.cloud, including any information on how it was discovered. Tiny customers may also log issues through the Tiny support system.

When we receive a security report, our InfoSec team assesses the severity and impact of the issue and then decides on a course of action.

If the issue requires a product change, we then consult the responsible engineering team. 

Security issues are prioritized

The engineering team then addresses and patches the issue in all supported versions. Open source versions receive attention first, followed by commercial versions.

Once we’ve completed the patch for commercial versions, a security alert is issued. GitHub security reports are an ideal place to issue alerts, since GitHub’s wide adoption means the widest number of users and companies can see the alert and integrate an update into their patching workflow.

You can stay up to date with what's happening at Tiny by following us on Twitter, and don't hesitate to contact us with any questions or feedback at all.
