Issues regarding Apache log4j (log4j) vulnerability CVE-2021-44228 were brought to our attention at BlueX Pay. Our system was not vulnerable to this issue. However, we still performed our due diligence regardless, as outlined below:
- We performed a comprehensive system and data check. Our findings showed that our data and system components remain intact and consistent
- We constructed our core system with Golang, not Java. As a result, we were not vulnerable to the issue
- We implemented emergent upgrades for all supporting system components that were written in Java to fix the issue by Dec 12, 12:00:00 UTC
- We also added extra web application firewall rules to filter out all potential attacks
If you have any questions for our team, please feel free to email us at Info@bluextrade.com.