We are delighted to announce CitNOW Group is proudly co-sponsoring the first-ever ‘special edition’ NFDA Driving Digital event at Lord's Cricket Ground in London on 6th December 2023

Read more

Log4J Vulnerability

On Friday, December 9, 2021, a new vulnerability was disclosed in the Apache Log4j module. This was officially identified as CVE-2021-44228, and was unusual in that it was both easy to exploit and very common across the Internet.

Immediately after the disclosure, the CitNOW engineering team checked all the production systems and confirmed that Log4j is not in used on any CitNOW production servers. Log4j is commonly used in Java applications, and the CitNOW systems are not written in Java.

Shortly after the disclosure, the CitNOW compliance started the process of contacting all of our third party suppliers to establish if they are affected. This process is ongoing, but as of Tuesday 14th December, no third parties have declared that they remain vulnerable, or that they had any evidence of any attack.

For further reassurance, the CitNOW engineering team also ran a recently released penetration test to check for the vulnerability and nothing was found.