Log4j - SCIM bridge affected?

Saqibs
Saqibs
Community Member
edited December 2021 in SCIM Bridge

Hi all,

I have seen a post in a separate section on here stating the Log4j is vulnerability does not affect the 1Password app, I wanted to get further clarification that the SCIM bridge is not affected by the Log4j vulnerability.

Your help is appreciated.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Chas_1P
    Chas_1P

    Hi @Saqibs

    Thanks for reaching out. All of our products and services, including the SCIM bridge, are not affected by the Log4j security bug. Our security teams have thoroughly reviewed all our code and, although we use Java for some internal tools and services, our review indicates that they were not directly exploitable. Our SCIM bridge does not use Java at all, and has no connection with Log4j.

    I hope that answers your question, but feel free to reach out again if you have any further questions.

    Chas

  • Saqibs
    Saqibs
    Community Member

    @Chas_1P

    Thank you for the comprehensive reply!

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Chas, you are welcome @Saqibs! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • JasonRH
    JasonRH
    Community Member

    Why isn't there a simple statement or FAQ on the website support page about this

  • DeVille_1P
    DeVille_1P

    Hi @JasonRH. Thanks for the question and you make an excellent point. We agree and are working on adding an official response to our support page that includes the same information we shared here, and the reply we provided on Reddit.

  • rudy
    rudy

    @JasonRH,

    We have also published an official statement on our website: https://support.1password.com/kb/202112/

This discussion has been closed.