We’re happy to share that all web services provided by Nota including Gyazo, Scrapbox, and Helpfeel are not affected by the recent Apache Log4j vulnerability (CVE-2021-44228).
Essentially, this is a critical vulnerability in a tool used to log data by many web sites. It has a high potential for abuse when sites are not updated and secured.
In the case of Nota, we wanted to let you know that we have confirmed none of our services are affected by this vulnerability. Keep reading to learn more about each of our service’s status and to get information from official sources about the vulnerability.
All three of our services have some integration with each other, so we’re letting you know about all three.
Gyazo
Some middleware (a type of internal feature) used in the service had a dependency on Apache Log4j, but we have confirmed that it is not affected by the vulnerability.
In addition, the various Gyazo clients such as Gyazo for Windows, Gyazo for iOS, etc. do not use Apache Log4j and are not affected by the vulnerability.
Scrapbox
Again, some middleware used in the service itself had a dependency on Apache Log4j, but we have confirmed that it is not affected by the vulnerability.
Helpfeel
This vulnerability does not affect Helpfeel because it does not use Apache Log4j.
Learn more
For technical information about the Log4j vulnerability CVE-2021-44228, please refer to the following official sources:
- US CISA log4j vulnerability guidance
- Apache Log4j vulnerability information page
- US NVD technical advisory
If there are any updates in the future, we will update this article with more information.
If you would like to read more about Gyazo security, please check out the article here: Is Gyazo Safe? Yes and here is 7 reasons why.