Many of you may have heard about the recently announced, serious security vulnerability in a widely-used Java logging package called log4j.
This issue potentially impacts products and services everywhere. Desktop systems, embedded systems, mobile devices, cloud services, and enterprise software are all potentially vulnerable.
The Onshape Security Team has been actively investigating any potential impact of this vulnerability since early Friday morning. No exploitable issues in Onshape have been discovered, but this is a very serious bug and we continue to investigate.
Technical details of the vulnerability can be found here: https://www.lunasec.io/docs/blog/log4j-zero-day/
There is no action any of our customers need to take at this time. We will continue to provide updates as more information becomes available. As always, we strive to be as transparent as possible with the Onshape community.
Onshape Security Teamsecurity@onshape.com