Security is always the top concern for RackN. It’s understandable to be concerned if the December 21 Log4j vulnerability (CVE-2021-44228) will impact the Digital Rebar Platform. Since the platform is written in Golang and does not rely on Java, there is no exposure to Digital Rebar.
RackN is committed to maintaining high standards for security and vulnerability reporting. Please consult our CVE page to report or check for issues. Also, please review our Security FAQ for a list of security-specific details about Digital Rebar.
RackN understands that keeping Digital Rebar secure is not enough. Our mission in infrastructure automation is to make the broader ecosystem more secure and resilient. Both “Day 0” and “Day 2” automation is critical so our operators can quickly maintain and apply patches as needed. We are ready to help customers automate these key processes and move to standard processes that can be safely and routinely applied.
We’ll never eliminate the need for patching and vigilance. But together we can minimize the impact and exposure caused by CVEs at every layer in the infrastructure stack.