Guidewire has been actively evaluating the impact of CVE-2021-44228 - Log4j RCE within our products and our Cloud environments. Information about this situation has been posted to the Guidewire Community (https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products
Our current progress on this evolving situation is as follows:
-Our Cloud Operations teams have implemented controls and patches designed to address the vulnerability for Guidewire Cloud Production, Pre-Production, and “Uplifted” Non-Production environments.
-Guidewire has provided suggestions and recommendations for Guidewire Cloud customers on how to remedy the vulnerability for their Non-Production environments.
-Our Cloud Operations teams have implemented controls and patches designed to address the vulnerability for affected InsuranceNow customers.
Guidewire has also provided instructions for Guidewire Self-Managed (on-premise) customers, which can be viewed at https://community.guidewire.com/s/article/Critical-Security-Vulnerability-Detected-in-3rd-party-library-Log4j-that-impacts-InsuranceSuite-applications
in Guidewire Community (login required).
Our teams are fully dedicated to this ongoing situation and are continuing to evaluate additional updates that may be necessary for Guidewire Cloud and Guidewire Self-Managed customers. Please check back in to Guidewire Status for additional updates. As always, we thank you for your patience and support in managing this evolving situation.