Log4JShell Not a Worry for Pydio Cells
You’ve probably heard about the Log4J vulnerability (CVE-2021-44228), which allows remote code execution on Apache web servers. The vulnerability is also quick and easy to execute and was rated 10 (out of 10) on the Common Vulnerability Scoring System scale. It has affected literally thousands of organizations like Apple, Twitter, Valve, Tencent, and many other major service providers. So as a Pydio user, you are surely concerned about whether Pydio or Pydio Cells deployments may be affected.
Short answer
NO, there is no need to worry.
Long answer
Pydio 8 is a PHP application and Cells was developed in Golang. Log4J is a Java library used by many Java applications for logging. As such, our own code is not exposed to this vulnerability. We also don’t install or use Log4J for any third-party tool that could be deployed in our cloud images (OVF, VMWare, AWS AMI).
Be Safe Not Sorry
That said, if Pydio is installed on your own server, it’s your responsibility to ensure that you haven’t installed any log4j-related software on that server. Better safe than sorry.
Need to Balance Ease-of-Use with Security? Pydio Cells Can Help.
If your organization is serious about secure document sharing and collaboration you need to check out Pydio Cells. Cells was developed specifically to help enterprises balance the need to collaborate effectively with the need to keep data secure.
With robust admin controls, advanced automation capabilities, and a seamless, intuitive end-user experience Pydio is the right choice for organizations looking to balance performance and security without compromising on either. Try Cells live for yourself. Or click on the button below to talk to a Pydio document sharing specialist.