A security vulnerability affecting the Java logging framework Log4j was publicly disclosed in December 2021

DeepConverse platform does not use Java technology for our core services, and as a result, our services are not impacted by the Log4Shell vulnerability.

We tested our systems for external exploitability of the vulnerability to identify possible attack vectors. We patched our logging infrastructure, and updated them accordingly based on the recommended guidance from Elastic and AWS.

Additional controls are also being employed to mitigate the risk. We are monitoring abnormal patterns in DeepConverse inbound and outbound traffic, and activating new web application firewall (WAF) rules and blocking suspicious IPs.