News & Topics

Vulnerability Countermeasures for Apache Log4j

A vulnerability has been discovered in Log4j, a Java-based logging library provided by the Apache Software Foundation as open source.

Apache Log4j Vulnerability Countermeasure (IPA)

The following is our opinion on the impact on Moodle.

【Risk Analysis】
The vulnerability is related to Java.
We have observed an attack that exploits a vulnerability in log4j. This vulnerability is related to Java, and is not related to Moodle, which runs on PHP.
Our instance of Moodle does not have the relevant package (Log4j) installed, nor does it have any Java-related packages installed, so it is not directly vulnerable to the attack.
In addition, we have not confirmed any abnormal behavior since December 10.
Therefore, while we can observe attacks, we do not believe they have been successful.

【The Moodle community’s view】
Tim Hunt, who has worked at Moodle HQ in the past, has denied any connection between this vulnerability and Moodle.

See also: Moodle Forum

This vulnerability does not affect Moodle as we currently know it.
If you are a Moodle customer, please continue to use the service with confidence.