
Security updates: Grafana and Log4j

What's this blog post about?

Aiven's CISO recaps the recent vulnerabilities and what Aiven did about them. The company dealt with two major security issues: a path traversal vulnerability in Grafana and a Remote Code Execution (RCE) vulnerability in Log4j, also known as Log4Shell. Both of these issues represent some of the most interesting but also most painful kinds of security problems that Aiven has seen before and will see again. The company's monitoring noted an increase in blind path traversal requests trying to probe for the vulnerability starting on December 6th, while all Aiven services were remediated by December 11th - a period of just over 24 hours from awareness to remediation.

Company
Aiven

Date published
Dec. 20, 2021

Author(s)
James Arlen

Word count
1823

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.