In light of a recent reported vulnerability I wanted to share the following information with you.
The Apache Software Foundation has released a security advisory to address a remote code execution (RCE) vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. Apache Log4j is a widely used Java-based logging utility. Apache has released multiple new versions to address this issue, culminating with the December 13 release of 2.16.0 which fully addresses the issue.
Trabian has scanned all its server assets, hosted applications, and networking infrastructure and has found no instances of the Log4j library or exploits. Trabian does not leverage Java directly and our focus has been on verifying that any 3rd party libraries also do not utilize Log4j. We have not detected the Log4j library in any Trabian hosted applications. We continue to monitor the situation and will provide updates as necessary.