Background
“Log4Shell is a zero-day vulnerability — named as such since affected organizations have zero days to patch their systems — that allows attackers to remotely run code on vulnerable servers running Log4j, which developers use to keep a record of what’s happening inside an application as it runs. The vulnerability is tracked as CVE-2021-44228 (uncovered recently on December 10th) and was given the maximum 10.0 severity rating, meaning attackers can remotely take full control of a vulnerable system over the internet without any interaction from the victim — and it doesn’t require much skill to pull it off.” - from TechCrunch
Related resources:
- CVE-2021-44228
- Wired - The Internet Is on Fire
- Log4j: Serious software bug has put the entire internet at risk | New Scientist
Common questions about the Log4j exploit that we have received from our customers
- Does Holistics use Log4j?
- Is Holistics affected by the Log4j Exploit?
Our Answer: Holistics is not affected by the exploit.
Most of our technical stack is Ruby, and no other services use Java or the specific vulnerable Log4j library version. So Holistics is not affected by the vulnerability.
In addition, although this blog post is quite old, it can give you a sense of the core of Holistics: How We Built A Multi-Tenant Job Queue System with PostgreSQL & Ruby.