Guidewire has concluded tracking Log4J on the status page. Please open a Community case if you have additional questions, as Guidewire will continue to monitor updates accordingly.
Posted May 19, 2022 - 14:20 PDT
Guidewire continues to prioritize Log4J 2.17.1 updates for remaining products that are potentially impacted. We will update this page as appropriate to notify you of any pending changes.
Posted Feb 17, 2022 - 10:10 PST
After previously updating Guidewire's products to Log4j 2.16 to address potential RCE (Remote Code Execution) vulnerabilities, Guidewire has also completed delivery of updates to Log4j 2.17 for all Self-Managed as well as Cloud customers running on the "Classic Platform" and Guidewire Cloud Platform (GWCP). Guidewire is prioritizing of updates for Log4j 2.17.1 for any products potentially impacted, has recently delivered 2.17.1 updates for select GWCP cloud releases, and will provide updates for other products at the earliest possible opportunity.
Our current progress on this evolving situation is as follows: -Our Cloud Operations teams have implemented controls and patches designed to address the vulnerability for Guidewire Cloud Production, Pre-Production, and “Uplifted” Non-Production environments. -Guidewire has provided suggestions and recommendations for Guidewire Cloud customers on how to remedy the vulnerability for their Non-Production environments. -Our Cloud Operations teams have implemented controls and patches designed to address the vulnerability for affected InsuranceNow customers.
Our teams are fully dedicated to this ongoing situation and are continuing to evaluate additional updates that may be necessary for Guidewire Cloud and Guidewire Self-Managed customers. Please check back in to Guidewire Status for additional updates. As always, we thank you for your patience and support in managing this evolving situation.