You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Bigjoe910
4 years agoNew member | Level 2
Log4j Breach
After the discovery of the security breach caused by Log4j on the weekend of December 10-12, 2021. We need to know if your software is vulnerable to this security breach.
- 4 years ago
Hey Bigjoe910 & leksikon - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.
We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.
I hope this information helps!
leksikon
4 years agoNew member | Level 2
My company is also asking for a status on this - is Dropbox and HelloSign affected?
- Walter4 years agoDropbox Staff
Hey Bigjoe910 & leksikon - thanks for your patience while we conducted a thorough review of services and components across all Dropbox products.
We have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch or taking other appropriate action. Like many other service providers, we continue to work with our vendors to assess impact and remediation efforts. Our systems are functioning normally and we are not aware of any active threat.
I hope this information helps!
- peteheinlein4 years agoExplorer | Level 4
Is there any update on if both CVE's related to Log4j are remediated or mitigated on the Dropbox platform? The latest CVE was just added late 12/14/2021.
CVE-2021-45046
CVE-2021-44228 - peteheinlein4 years agoExplorer | Level 4
Is there any update on if both CVE's related to Log4j are remediated or mitigated on the Dropbox platform? The latest CVE was just added late 12/14/2021.
CVE-2021-45046
CVE-2021-44228- Zeeman4 years agoNew member | Level 2
Hello everyone
I wrote Dropbox support and received a generic response that they are looking into it and will work the various vendors to work with to provide a safe environment (basically that is what it said); This is disappointing that we need to push the vendor to provide an update to us. TO date (12/21/21) I have not seen a dedicated page on their website for Log4J.
Zee
- jcarreon3 years agoExplorer | Level 3
Hi,
Do you have any update? Could you please confirm how does this affect Dropbox and/or if it has already been mitigated?
Thank you and I look forward to your response.
Kind Regards,
JCarreon
- Walter3 years agoDropbox StaffHi all - thanks for your nudges.
I just wanted to re-iterate that since the incident was originally reported, we have hardened all instances of log4j that were identified on HelloSign and Dropbox-owned platforms by applying a patch and/or taking other appropriate actions.
Just like other service providers, we continue to work with our vendors to assess impact and remediation efforts.
Our systems are functioning normally at the moment and we are not aware of any active threat.
I hope this helps!
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!