The State of Connecticut and Log4j VulnerabilityThe State of Connecticut is aware of, and is responding to, the global security threat known as the Log4j Vulnerability. Log4j is an open-source Java-based logging software component available from Apache. Security flaws in this software could allow an attacker to take complete control of a vulnerable computer. This component exists in thousands of software products, both known and unknown at this time.
Like everyone, the State of Connecticut is patching affected third party products as fixes become available and we are continuously assessing our risk. We believe that everyone needs to assess their own environment for this vulnerability, both in custom-developed software and in vendor products.
The best source of information and updates on this vulnerability is the Cybersecurity and Infrastructure Security Agency (CISA ) web site found at: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance