Apache Log4j vulnerability update from Citadel Technology

You may have read in the media about the Apache Log4j vulnerability which was first reported in the market on 10 December 2021. We wanted to assure you that we are fully aware of the situation and have been working to assess the potential exposure to our systems.

All Citadel’s systems are protected from the internet using multiple layers of security which are constantly monitored and maintained in the background by us. However, as we are a cloud / hosting business we do have some elements of our platforms which have to be addressed by the internet, due to the nature of what they deliver. We have already completed a thorough assessment of these with our technical team and software partners and to date we haven’t found any vulnerabilities as a result of using the Log4j library.

We are continuing to test our Platform and engage with our software partners as a precautionary measure. At Citadel we take a considered and thorough approach to security and will continue internal audits of all of our systems.

We hope that this might allay some of your concerns, and we would like to assure you that we are confident there are no externally accessible systems which could be affected by this vulnerability. While we continue to manage and monitor our platform and your services, the strict controls we already have in place provide a strong line of defence even if one is found to be vulnerable to this exploit in the future.

If you have any questions or concerns, please do reach out to our Support team, who would be happy to help, using the normal communication methods.