On December 10th, 2021, a group of security researchers published a security notice regarding a critical vulnerability in Log4j, a library used by Java Environments. This vulnerability has been named “Log4shell”. More information on log4shell are available here: https://en.wikipedia.org/wiki/Log4Shell
Our technical team immediately performed verifications on our infrastructure. Domainarium 2, our EPP tools and our DNS architecture do not use Java and are not concerned by “Log4shell”.
The only IP Twins resources that use Java are :
- the domain name registrations database that we use for third-party domain name registration watch service, and;
- the VMware solution our hosting provider OVH is using for the management of a portion of our machines (private cloud);
However, access to all these resources are subject to a strict IP Whitelisting. Therefore, they cannot be accessed from outside of IP TWINS.
Although this topic is closely followed by our technical team, we inform you that the log4shell vulnerability does not affect the security and the integrity of IP TWINS resources and services, notably our registrar and Nameservers services.
The IP TWINS team remains available for any further question you might have on this topic.
