Skip to main content
December 14, 2021
Question

Log4j - SCIM bridge affected?

  • December 14, 2021
  • 6 replies
  • 431 views

Hi all,

I have seen a post in a separate section on here stating the Log4j is vulnerability does not affect the 1Password app, I wanted to get further clarification that the SCIM bridge is not affected by the Log4j vulnerability.

Your help is appreciated.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

6 replies

December 14, 2021

Hi @Saqibs

Thanks for reaching out. All of our products and services, including the SCIM bridge, are not affected by the Log4j security bug. Our security teams have thoroughly reviewed all our code and, although we use Java for some internal tools and services, our review indicates that they were not directly exploitable. Our SCIM bridge does not use Java at all, and has no connection with Log4j.

I hope that answers your question, but feel free to reach out again if you have any further questions.

Chas

SaqibsAuthor
December 14, 2021

@Chas_1P

Thank you for the comprehensive reply!

December 15, 2021

On behalf of Chas, you are welcome @Saqibs! If you have any other questions, please feel free to reach out anytime.

Have a wonderful day :)

December 20, 2021

Why isn't there a simple statement or FAQ on the website support page about this

December 21, 2021

Hi @JasonRH. Thanks for the question and you make an excellent point. We agree and are working on adding an official response to our support page that includes the same information we shared https://1password.community/discussion/comment/622770/#Comment_622770, and the https://www.reddit.com/r/1Password/comments/rea7dd/what_is_1passwordcoms_exposure_to_log4j2/hoe41ci/?utm_source=reddit&utm_medium=web2x&context=3.

1Password Employee
December 23, 2021

@JasonRH,

We have also published an official statement on our website: https://support.1password.com/kb/202112/