SMU has been actively reviewing all systems and associated third-party services following the alert issued by the United States Cybersecurity and Infrastructure Agency (CISA), highlighting a vulnerability in Log4j. Log4j is an open source software package created by the Apache Foundation to record activity within an application.
Maintaining the data security of SMU’s community is our highest priority, however OIT is sensitive to any potential disruptions during finals week. This software vulnerability requires patches to be implemented or additional security controls to be put in place to mitigate the risk of compromise. A number of IT change notices will be sent this week and maintenance windows will be coordinated with service owners to minimize impact to students preparing for exams.
This is a worldwide vulnerability impacting many organizations and applications. Many external organizations will be scheduling outages as well as the world responds to this critical severity issue.
To learn more details about this vulnerability, please read Log4Shell Vulnerability Impacts Systems Across the Internet.