Alvaria, along with the vast majority of the technology industry, is aware of CVE-2021-44228, referred to as Apache Log4j vulnerability, in certain versions of the Java logging library. We are actively working to fully assess any potential impacts to Alvaria products, but at this time, we are not seeing active exploitation of this vulnerability.
We have already implemented remediations where possible and are working to communicate any potential exploit paths with specific customers that may be impacted.
We know that Apache Log4j is a significant vulnerability and are committed to working closely with our customers and partners to determine potential impacts and deliver fixes or workarounds as quickly as possible. Our customers are our top priority, and we will provide updates as soon as more information becomes available.
Alvaria customers can expect a communication from [email protected] if there are any potential impacts. We encourage you to check in with your account teams and our customer care site where you can access the current updates in the KB Article 39593 which we will be updating regularly. For answers to some frequently asked questions on this topic consult KB Apache Log4j2 Vulnerability FAQ.