Our servers are not vulnerable to the December 2021 Log4Shell / Log4j security bug

Customers have asked us whether our servers are vulnerable to the recent serious security bug (called “Log4Shell”) in software named “Log4j”.

The good news is that we don’t use the Log4j software anywhere on our servers, and never have. We’ve verified in multiple ways that our servers are not vulnerable to this problem.

That said, we always believe in “defense in depth” when it comes to security, so we’ve also added rules to our web application firewall that will block any IP addresses making attempts to exploit this bug.