» Published on Mon, 13 Dec 2021 16:19:00 +0000

• Resolved

  We are aware of the recent notification of critical vulnerability in Apache Log4j 2 (CVE-2021-44228). We have reviewed all our infrastructure and services have confirmed that none of our hosts or infrastructure were exposed to this vulnerability.

  Our public-facing applications do not use the affected package. Some of our internal tools (not public-facing) do use this software - these have been updated over the course of the weekend and today (Monday) to versions which mitigate the vulnerability.

  No action is required from customers.

  » Updated Mon, 13 Dec 2021 16:19:00 +0000