The Apache Software Foundation has recently announced a vulnerability in its Log4J utility, which is referenced as CVE-2021-44228. Compliance Systems has reviewed both our internal systems as well as those we develop. We have been notified by Amazon Web Services (AWS) that AWS OpenSearch was using a vulnerable version of Log4J. Compliance Systems uses OpenSearch a a central logging service for our application logs and is limited to our private subnets. We have corrected this with the recommended software patch and determined that we do not have any known exposure to this vulnerability. We continue to monitor the situation to ensure there are no impacts to Compliance Systems.
If you have questions, please reach out to us at support@compliancesystems.com.