π At Foleon, we don't use any Java-based applications in our tech stack. This means that the critical vulnerability in the popular Apache logging library Log4j (CVE-2021-44228) does not affect us in any way.
On December 9th, 2021, a critical vulnerability in the popular Apache logging library Log4j was announced (CVE-2021-44228). This resulted in a large public interest in vulnerabilities in open-source packages.
After the initial publication of the vulnerability report, we verified whether any Foleon systems were affected.
The Foleon platform itself is not vulnerable due to the absence of Java-based components. This means that CVE-2021-44228 (Log4j) and the two related vulnerability reports (CVE-2021-45046 and CVE-2021-45105)
don't affect us in any way.
After an investigation of services used by Foleon to support our daily operations, we have identified two parties that were affected by the recent vulnerabilities. Both parties have publicly indicated that they have taken mitigating measures β as we evaluated correctly.
As a company, we remain vigilant and will continue to monitor published vulnerabilities as we have been doing in the past few years. If you have any other questions, please feel free to reach out to our Support team.