Log4Shell Update from Parchment
Incident Report for Parchment
This incident has been resolved.
Posted Jan 03, 2022 - 06:12 PST
As you may have heard, a critical vulnerability was made public on Friday impacting some of the common infrastructure of the web. This issue may be known as Log4Shell or CVE-2021-44228. We're providing this system-wide update to acknowledge our awareness of the issue and share our status related to it. No action is required on your part. This message is meant to proactively empower Parchment members with information technical teams may seek to understand their exposure to the vulnerability.

At this point, we believe the Parchment implementation of log4j is not vulnerable, as we leverage a Java version that mitigates the vulnerability. Regardless, we have added controls on a network level that reduce Parchment vulnerability to be exploited in this manner.

Our teams are continuing to proactively investigate and monitor several areas, including events from our Security Information and Event Management system, our codebase, and third-party services with which Parchment is integrated.

Again, no action is required at this time. Any further updates will be communicated as they are available.
Posted Dec 13, 2021 - 16:54 PST
This incident affected: Consumer (Learner (Login, Registration & Ordering), Administrator (Login & Processing)), Parchment 7 (Administrator (Login & Processing), Learner (Login, Registration & Ordering)), Integrations (SPEEDE Integration, SFTP Downloads, SFTP Services (Outbound/Inbound)), Credentials Solutions (TranscriptsPlus, eScrip-Safe), Parchment 6 (Administrator (Login & Processing)), and Parchment Analyze, Parchment Award.