Log4j - SCIM bridge affected?

Question

Hi all,

I have seen a post in a separate section on here stating the Log4j is vulnerability does not affect  the 1Password app, I wanted to get further clarification that the SCIM bridge is not affected by the Log4j vulnerability.

Your help is appreciated.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Answer

Hi Saqibs

Thanks for reaching out. All of our products and services, including the SCIM bridge, are not affected by the Log4j security bug. Our security teams have thoroughly reviewed all our code and, although we use Java for some internal tools and services, our review indicates that they were not directly exploitable. Our SCIM bridge does not use Java at all, and has no connection with Log4j.

I hope that answers your question, but feel free to reach out again if you have any further questions.

Chas

saqibs · Answer

@Chas_1P

Thank you for the comprehensive reply!

Answer

On behalf of Chas, you are welcome Saqibs! If you have any other questions, please feel free to reach out anytime.

Have a wonderful day&nbsp;:)

Answer

Why isn't there a simple statement or FAQ on the website support page about this

Answer

Hi @JasonRH. Thanks for the question and you make an excellent point. We agree and are working on adding an official response to our support page that includes the same information we shared here, and the reply we provided on Reddit.

Forum Discussion

Log4j - SCIM bridge affected?

Recent Discussions

1Password fails to prompt for approval when using Hyprland

Trouble getting document items in Kubernetes with 1P Connect Operator

CLI hangs when requesting items

Is it possible to select the SSH Client I want to use for ssh:// entries?

Visual Studio Code remote development server and 1Password ssh config