Security Compass is not affected by the ‘log4j2’ vulnerability (CVE-2021-44228) on our product side, or internally. SD Elements is a Django application written in Python. Our SaaS instances are composed of several containers, none of which run Java. None of our containers or software uses log4j. Similarly, we don’t have the Java Virtual Machine running on our on-site deployment instances. There is no usage of log4j on those systems as well, unless an administrator has installed something that uses it themselves.
Our Learning Management Platform is also unaffected. We are actively monitoring the issue should further response be required.
We are also actively working with our vendors and subcontractors to ensure that they have mitigations in place and are updating their software or services to remediate this issue. As this issue continues to evolve, we will continue to implement additional remediation actions as appropriate.