UniFi Controller security concern (zero-day Log4j exploit)
This morning we were alerted to a possible CVE that could impact UniFi hosted controllers.
https://www.lunasec.io/docs/blog/log4j-zero-day/
I see that the UniFi Controller software uses Java and the Log4j framework for logging (as of this writing, Log4j 2.13.3 is used by UniFi Controller ("UniFi Network Application") version 6.5.53).
Ubiquiti to their credit have reacted to this and released 6.5.64 which has a single fix for this error over version 6.5.53.
Clouduni.fi are now testing 6.5.54 and will be upgrading 104 controllers.
/edit 22:57 GMT. All 104 controllers have been upgraded to 6.5.54