All Systems Operational
Poppulo Platform / Web Application ? Operational
Reporting & Analytics ? Operational
Email Microsites ? Operational
Email Sending ? Operational
Mobile App ? Operational
Mobile Publishing ? Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Past Incidents
Jan 18, 2022

No incidents reported today.

Jan 17, 2022
Resolved - All Poppulo systems have been patched and updated to Apache Log4j 2.17.1.

There is no evidence of this vulnerability being exploited within any Poppulo environment.
Jan 17, 12:34 GMT
Update - Another vulnerability was found with Apache Log4j 2.17 and update Apache Log4j 2.17.1 was released. Poppulo is planning on upgrading to Apache Log4j 2.17.1 to mitigate against this risk over the coming days. There is no evidence of this vulnerability being exploited within any Poppulo environment. We will continue to monitor our environments on an ongoing basis.
Jan 5, 10:06 GMT
Update - Poppulo's production systems are now 100% updated from Apache Log4j 2.16 to Apache Log4j 2.17. There is no evidence of this vulnerability being exploited within any Poppulo environment. We will continue to monitor our environments on an ongoing basis.
Dec 22, 16:08 GMT
Monitoring - We have been updating all production systems on Apache Log4j 2.16 to Apache Log4j 2.17 and now have 78% of our systems updated. There remains no evidence to suggest either vulnerability has been exploited within any Poppulo environment.
Dec 20, 17:18 GMT
Investigating - Poppulo were alerted to the log4j vulnerability when it was published week of 6th December and subsequently updated all systems to Apache Log4j 2.16. A further vulnerability has been highlighted last week involving a mandatory update to Apache Log4j 2.17.

There has been no evidence of either vulnerability being exploited within any Poppulo environment. Mitigation of all systems to 2.17 began on Friday, December 17th and is estimated to be completed in all our environments within the next 36 hours. We will continue to monitor our environment on an ongoing basis.


1. Is Poppulo aware of the most recently published log4j vulnerability (CVE-2021-45105 / Denial of Service)?
Yes. Poppulo subscribes to a number of vulnerability reporting/tracking repositories, and were alerted to and aware of the vulnerability since it was published last week .
2. Is Poppulo leveraging log4j versions which are potentially impacted by the vulnerability?
Yes. There are instances of log4j within our environments that are vulnerable to the published exploit.
3. Is Poppulo aware of any actual exploits of the vulnerability in the Poppulo environment?
There is no evidence of this vulnerability being exploited within any Poppulo environment. We will continue to monitor our environments on an ongoing basis.
4. Is Poppulo taking steps to patch its environment and to mitigate the risk of exploit?
Patches to address the vulnerability are currently being applied to our environments, and is estimated to be completed in all environments within the next 36 hours.
Dec 20, 13:27 GMT
Jan 16, 2022

No incidents reported.

Jan 15, 2022

No incidents reported.

Jan 14, 2022

No incidents reported.

Jan 13, 2022

No incidents reported.

Jan 12, 2022

No incidents reported.

Jan 11, 2022

No incidents reported.

Jan 10, 2022

No incidents reported.

Jan 9, 2022

No incidents reported.

Jan 8, 2022

No incidents reported.

Jan 7, 2022

No incidents reported.

Jan 6, 2022

No incidents reported.

Jan 5, 2022
Jan 4, 2022

No incidents reported.