UPDATED: The Log4j vulnerability has been resolved with each of our vendors and the VPN, while strongly encouraged, is no longer required, as of noon, Jan. 7, 2022.

Original Post:

The Log4j vulnerability is a global security issue that, while not unique to CU, impacts the university broadly. UIS and campus IT teams are working to resolve the issue but, in many cases, we are dependent on vendors issuing software patches.

To mitigate this vulnerability, UIS and campus IT teams have made changes to protect applications that have confidential data. To access those systems, users will need to be either on an in-person CU network or use a CU VPN connection. For System Administration users, follow these steps for connecting to the VPN.