Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.

Onshape response to the log4j security vulnerability

john_rousseaujohn_rousseau Member, Onshape Employees, Developers Posts: 287

Many of you may have heard about the recently announced, serious security vulnerability in a widely-used Java logging package called log4j.

This issue potentially impacts products and services everywhere. Desktop systems, embedded systems, mobile devices, cloud services, and enterprise software are all potentially vulnerable.

The Onshape Security Team has been actively investigating any potential impact of this vulnerability since early Friday morning. No exploitable issues in Onshape have been discovered, but this is a very serious bug and we continue to investigate. 

Technical details of the vulnerability can be found here: https://www.lunasec.io/docs/blog/log4j-zero-day/

There is no action any of our customers need to take at this time. We will continue to provide updates as more information becomes available. As always, we strive to be as transparent as possible with the Onshape community.

Onshape Security Team

[email protected]


John Rousseau / VP, Technical Operations / Onshape Inc.

Comments

  • emagdalenaC2iemagdalenaC2i Member, Developers, Channel partner Posts: 713 ✭✭✭✭✭
    Un saludo,

    Eduardo Magdalena                           C2i Change 2 improve                           ☑ ¿Por qué no organizamos una reunión online?   
                                                                         Partner de PTC - Onshape                                      Averigua a quién conocemos en común
  • john_rousseaujohn_rousseau Member, Onshape Employees, Developers Posts: 287
    The Onshape Security team continues to monitor the situation and work with our vendors to make sure they maintain their vigilance. There were no exploitable vulnerabilities discovered in the Onshape service. Any further updates will be posted here.
    John Rousseau / VP, Technical Operations / Onshape Inc.
Sign In or Register to comment.