Frequently asked questions

Paid with GoCardless? Read our FAQ for customers

Got a question? Raise a ticket with our Support team

Log4J

GoCardless update on Log4J’s reported vulnerability

As you may have seen in the news, several new vulnerabilities were reported against Log4J (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Log4J is a Java-based logging utility that is used for software development. We advise merchants using the gocardless-pro-java API client to use SLF4J. The authors of SLF4J have now confirmed that the library is not vulnerable. You can find more information about this here (https://www.slf4j.org/log4shell.html).

Have GoCardless services been impacted by this vulnerability?

Log4J is a popular library and, like most organisations, we do have references to Log4J across our estate. It is also used by some of our approved vendors and we have applied their patches or mitigations. We have mitigated the risk in our own applications by removing the relevant functionality where applicable and have confirmed no other internal applications are affected. Our investigations have found no evidence of successful exploitation of these vulnerabilities. 
