Security Notice OpenSSL 3 Vulnerabilities After careful review of our infrastructure and SBOM, Chili Piper has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
Security Notice regarding Okta - While the SafeBase product allows customers to authenticate using Okta, Chili Piper does not use Okta internally. As a result, we are not affected by the potential security incident related to claims made by the hacking group LAPSUS$. Please reach out to us at firstname.lastname@example.org if you have any further questions or concerns.
Security Notice regarding the Log4j Java library remote code execution vulnerability (CVE-2021-44228): Chili Piper does not use Log4j and is unaffected by this security vulnerability. Chili Piper uses Logback as our logging framework.
Security Notice regarding the Spring4Shell vulnerability: Starting in April, there has been active exploitation of Spring4Shell (CVE-2022-22965) RCE. Chili Piper is unaffected as we don’t use any Java or Java application servers.
Chili Piper has implemented best-in-class security practices to keep customer data safe. We follow the Google Security model. All our operations run at Google Cloud Platform. Backups are stored on Google Cloud Storage. OAuth tokens are also stored at Google Cloud Storage using native encryption. Each tenant is hosted in a separate MongoDB database instance. All in-transit data is encrypted with 256 bit SSL.