A software vulnerability regarding applications that use the Log4j2 Java-based logging utility was identified by Chen Zhaojun of Alibaba Cloud Security Team on 24. November 2021, and made public in CVE-2021-44228 on 9. December 2021.
Does Templafy use this utility? Does this vulnerability affect Templafy?
Templafy does not have any Java code, neither on our servers, nor deployed to clients.
Templafy’s security engineers have analyzed the vulnerability and verified that the vulnerability only occurs when this specific Java logging plug-in is used. Hence, it does not affect Templafy.
Furthermore, we’ve verified that neither our codebase, nor any libraries we have deployed to servers or clients, contains references to or are using Log4j2 in any way.