WordPress VIP Protected Against Log4Shell (CVE-2021-44228)

Update: The WordPress VIP and Automattic security teams continue to monitor the Log4j situation and apply all patches and mitigations to our platform and systems as needed.

Recently, a critical vulnerability (CVE-2021-44228), nicknamed “Log4Shell,” was discovered in the widely used Log4j logging library maintained by the Apache Foundation.

We have mitigated this vulnerability across our systems, including Parse.ly, and have found no evidence of exploitation.

Immediately upon learning of this vulnerability, our teams started a comprehensive review of our systems for the presence of Log4j and applied the recommended mitigations anywhere that Log4j is used. Where appropriate, we also deployed mitigating firewall rules.

We will continue to monitor the situation closely, and we strongly recommend that all WordPress VIP customers review their own systems outside of WordPress VIP for the presence of vulnerable versions of Log4j and take any necessary action. A mitigation guide can be found here.

As always, if you have any questions or concerns, please open a support ticket.