HELP FILE

GoTo's Response to Log4j — Remediated

    On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry. The security of our services and customer data is a top priority for GoTo and we are taking this matter very seriously. Upon becoming aware of the vulnerability, GoTo initiated an investigation to determine if any further action is required to mitigate against the vulnerability. Additionally, we continue to monitor for the latest information regarding this issue with Apache to keep our software and customers safe and secure.

    At this point any vulnerabilities have been remediated to the best of our knowledge and it has been determined there is no impact.

    We will keep customers apprised of any status updates on this page. In the rare circumstance where a customer needs to take an action, we will communicate directly.

    What is the vulnerability?

    On Friday, December 10th, a zero-day vulnerability, affecting a widely utilized open-source logging tool, that is part of Apache Logging Services called Log4j, impacted a meaningful subset of the software industry.

    What if my product is still pending remediation?

    Our teams have worked diligently to investigate and apply patches, as well as continuing to monitor for the latest information regarding this issue from Apache.

    What if my product is remediated?

    This product was either not impacted by Log4j or patches have been deployed.

    Do I need to do anything?

    Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.