Log4j vulnerability

14th December 2021

As widely reported, the Log4j critical vulnerability has gained much attention in the press. 

The Log4j vulnerability targets a widely used Java library developed and maintained by the Apache foundation and carries a CVSS rating of 10 out of 10 in terms of criticality. 

Since we became aware of this issue on the morning of Friday 10th December, Nominet’s response activities have been prioritised with all relevant teams focused on working to understand our level of exposure and associated risk. 

All internal systems have now been reviewed with patches and mitigations being deployed as they arise. We continue to work with third party suppliers to ensure vulnerabilities are addressedWhile we remain on high alert, there is no evidence of compromise to systems or data. 

We would like to highlight public resources which we have found to be both concise and informative: 

The security of our products and services is a top priority and critical to our ongoing commitment of fostering trust and transparency for our customers. This is an evolving situation, and we will continue to take prompt action as necessary.