We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Log4j Breach
After the discovery of the security breach caused by Log4j on the weekend of December 10-12, 2021. We need to know if your software is vulnerable to this security breach.
Hey Bigjoe910 & leksikon - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.
We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.
I hope this information helps!
My company is also asking for a status on this - is Dropbox and HelloSign affected?
- Walter
Dropbox Staff
Hey Bigjoe910 & leksikon - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.
We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.
I hope this information helps!
Is there any update on if both CVE's related to Log4j are remediated or mitigated on the Dropbox platform? The latest CVE was just added late 12/14/2021.
CVE-2021-45046
CVE-2021-44228
