DQM System Status
Welcome to the DQ Health Status Board. Below you will find status information for each of our Digital Quality Management services.

DQM

DQM Platform
DQM Scanning Services
API and Connectors

Dynamic Content

Auto-fix Interface
Auto-fix Configuration Services

Spring4Shell Zero Day Vulnerability - 04.01.2022 12:00 pm MST Zero-Day Exploit in Spring Framework | Spring4Shell Crownpeak is actively monitoring the Spring4Shell zero-day CVE-2022-22965 vulnerability.  Please see CVE-2022-22963 and CVE-2022-22965. Our operations team has performed a thorough review of internal systems and support applications to determine if Crownpeak systems contain any exposure to the vulnerability.  These two vulnerabilities have been discovered almost at the same time and thus tend to get mixed up in the news although they have different attack vectors. At this time, no exploits have been identified while we continue to perform our investigation.  We are actively monitoring and managing the issue and have a team working on identifying potential risks in our software components and services. This article will be updated regularly to provide information about how the vulnerability affects Crownpeak and its ecosystem as well as details on how we handle the issue and what you can do to secure your systems.  Be aware that this vulnerability affects many applications as it's an issue in a framework widely used. The information contained in this article is thus... View full report

UPDATE: February 23rd @14:43 GMT You may still experience issues with Page Checker where elements appear to be blocked (see screenshot below as an example). Google have removed the api.digitalqualitymanager.com domain from it's unsafe browsing list - see https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fapi.digitalqualitymanager.com%2F Some 3rd party products, such as virus scanners, also use Google's unsafe browsing list to block sites. These 3rd party products refresh their list periodically so the domain should fall off eventually. If you continue to experience issues with Page Checker being blocked by your virus scanner, please liaise with your internal IT department to get the domain removed from it.   UPDATE: February 14th @ 11:27 GMT Page Checker is fully operational again. After contacting Google, Page Checker is no longer being blocked or reported as "unsafe".   February 10th @ 12:10 GMTWhen using Page Checker in Google Chrome, Google prevents Page Checker from running and displays a message “Deceptive site ahead." When using Page Checker in Google Chrome, Google prevents Page Checker from running and displays... View full report

Log4j Zero Day Vulnerability Update – 12.14.2021 5:00 pm MST Crownpeak is actively monitoring the Log4j2 Zero Day Vulnerability disclosedon December 9, 2021 (CVE-2021-44228). Log4j2 affects the Apache Log4j 2 project and any systems which have deployed the library into an application. Our operations team performed a comprehensive review of internal systems and support applications to update or patch any affected systems. Updates on the review results have been posted to this thread. We continue to actively monitor the situation. The majority of Crownpeak’s products were not affected by the Log4j2 Zero Day Vulnerability, as they are not written in Java, or do not use the Log4j library.  The small subset of Crownpeak’s product components which leverage the Log4j library were affected have been identified and patched to eliminate the risk of exploit. Specific product details are listed below.  Crownpeak will be continuing to monitor our systems as well as third party components related to this situation closely and report any additional updates.   DQM – Digital Quality Management  System required patching due to inclusion in certain internal componentsUpdates and patches to the components... View full report