CVE-2021-44228: Apache Log4j vulnerability

Gemfury team is actively monitoring the reported remote code execution vulnerability in Apache Log4j Java library. We have found no services that are impacted by this vulnerability.

We work closely with the Java ecosystem, and have parts of our service running on the JVM, however, we found no first party usage of Log4j in our stack.

We are still confirming the security impact of this CVE to service providers on which we depend. If Gemfury becomes aware of unauthorized access to customer data, we will notify impacted customers.

We will update this article as we gather more details.