We are not impacted or at risk from the recently disclosed security vulnerability but are closely monitoring the issue
Last Updated: 13/12/2021
Following the disclosure of the Apache Log4j CVE-2021-44228 vulnerability on December 9th, we conducted an audit of our software stack and externally developed applications.
We found that we were not immediately impacted or at risk from the Log4j vulnerability. We do not use Java in its proprietary software. Furthermore, while we do operate some Java based applications which could be susceptible to this attack, these are not exposed to the public internet and have been patched nonetheless.
We are awaiting updates from our upstream cloud service providers to see whether they've been impacted and any remediation is required.