Time: March 2, 2022, 7:11 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: March 2, 2022, 7:11 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: March 1, 2022, 4 a.m.

Status: Monitoring

Update: A fix has been implemented and is being rolled out across Funraise accounts.

Time: March 1, 2022, 4 a.m.

Status: Monitoring

Update: A fix has been implemented and is being rolled out across Funraise accounts.

Time: Feb. 28, 2022, 8:08 p.m.

Status: Identified

Update: We're currently investigating reports of some platform accounts not showing fully up-to-date donation data. Account data is still being stored and ingested and donations are processing correctly but just are not showing up correctly in lists at the moment. We're working on resolving this issue and expect no data loss.

Time: Feb. 28, 2022, 8:08 p.m.

Status: Identified

Update: We're currently investigating reports of some platform accounts not showing fully up-to-date donation data. Account data is still being stored and ingested and donations are processing correctly but just are not showing up correctly in lists at the moment. We're working on resolving this issue and expect no data loss.

Time: Dec. 22, 2021, 5:27 p.m.

Status: Resolved

Update: A handful (~10) of donations using our new PayPal integration failed to process between 4:15am to 6:30am Pacific Standard Time due to a power loss at an Amazon data center. Amazon resolved the situation and donations are processing normally through that integration since 6:30am PST.

Time: Dec. 22, 2021, 5:27 p.m.

Status: Resolved

Update: A handful (~10) of donations using our new PayPal integration failed to process between 4:15am to 6:30am Pacific Standard Time due to a power loss at an Amazon data center. Amazon resolved the situation and donations are processing normally through that integration since 6:30am PST.

Time: Dec. 20, 2021, 5:27 p.m.

Status: Resolved

Update: Funraise for the does not use log4j for any of its native application code. Funraise identified one area of log4j use in a 3rd party component that we use for search engine functionality (ElasticSearch) that is hosted separately from the Funraise Platform core infrastructure. Funraise applied the appropriate initial patches and mitigation strategies on Dec 13 and continues to monitor the situation as new recommendations and patches are released and has found no evidence of exploit or attempted exploit in our application logs. Log4j was also identified in a 3rd party component powering our BI functionality. This functionality is also hosted separately from the Funraise core infrastructure and presents lowered risk of RCE. The vendor for that component patched and updated their infrastructure on Dec 16. Funraise continues to maintain a proactive security posture and undergoes annual analysis of our codebase and infrastructure by an independent security firm.

Time: Dec. 20, 2021, 5:27 p.m.

Status: Resolved

Update: Funraise for the does not use log4j for any of its native application code. Funraise identified one area of log4j use in a 3rd party component that we use for search engine functionality (ElasticSearch) that is hosted separately from the Funraise Platform core infrastructure. Funraise applied the appropriate initial patches and mitigation strategies on Dec 13 and continues to monitor the situation as new recommendations and patches are released and has found no evidence of exploit or attempted exploit in our application logs. Log4j was also identified in a 3rd party component powering our BI functionality. This functionality is also hosted separately from the Funraise core infrastructure and presents lowered risk of RCE. The vendor for that component patched and updated their infrastructure on Dec 16. Funraise continues to maintain a proactive security posture and undergoes annual analysis of our codebase and infrastructure by an independent security firm.