Log4j Vulnerability in Monday.com

Announced late last week was a vulnerability within a logging library widely used in many Java apps.

Is Monday.com vulnerable to this and if yes what are the plans in place to mitigate the problem?

I see you list Elastic Search in your tech stack which is vulnerable. Would be great to see a statement put out from your side

Indeed, what is Monday doing, or what have they done for this vulnerability?

I’ve searched all over their site(s) and found nothing on the issue, which seems kind of glaring. I just submitted a Support Request on the issue, so hopefully that provides some insight/clarity/transparence.

image

I received this back from their support team. So it looks like no direct use of Java and they mention updating third party apps so hopefully that covers Elastic Search which I know has vulnerabilities in certain versions of their software.

Bit of a woolly statement but I hope this helps

2 Likes

Hi @darrylclark :wave:

Thanks so much for your post!
As you posted above, this is our official response in regards to the Log4j vulnerability.

If you have any further questions please do feel free to let us know.

Best,

Dani