Back to Changelog
API

API updates

Argyle's systems are not vulnerable to the log4j critical exploitation bug.

As you may be aware, there was a critical bug exploitation with log4j, however, we are happy to inform you that Argyle has not had exposure to this vulnerability and we have taken extra precautions to ensure that all available patches were pushed to production as soon as they were available. In reassurance that we were not affected by the log4j bug:

  • Our API is coded in Python, and the API Gateway we use (Traffik) is written in Go. This vulnerability has not impacted them, and we have conducted an internal penetration test to confirm we were not exposed.
  • Our broader tech stack contains a small number of Java repositories, and we use Logback instead of log4j. Our Java-based services have not been impacted by this vulnerability.
  • As for our broader tooling, only Metabase was listed among the vulnerable apps. This was not exposed to the internet, and we have pushed the latest patched version to production.
  • Finally, our hosted Elastic Cloud solution, which does not contain any user data, has been confirmed as not vulnerable. A new patch has been released, and our production cluster is running on this latest version.

Ready to see what Argyle can do for you?

Get in touch to learn more about our verifications for the mortgage, personal lending, and background check industries, and more.

Contact Sales