Reading Plus Response to Log4j/log4shell Vulnerability
On December 9, 2021, researchers posted a warning about a dangerous vulnerability in the logging utility program log4j. Since then, at least two additional vulnerabilities have been discovered in that same utility. All of these are severe enough to potentially allow full compromise of impacted systems and data. You can do a web search for log4shell to get more information and insight. One of the best explanations of the issue can be found at Rapid7.com.
DreamBox Learning has reviewed our offerings (DreamBox Math, Reading Plus Literacy, and Squiggle Park) for these vulnerabilities. None of our products are vulnerable to this issue. All systems are protected, and customer data is safe.
We are still actively engaged on this issue. We are planning upgrades and changes that will provide an additional layer of protection against similar issues in the future, and we are continually monitoring for news of any additional threats to the security of our systems. If you have any questions about this, or any aspect of DreamBox security or privacy, please contact us at firstname.lastname@example.org.