Apache LOG4j vulnerabilities - Voucherify update
If you have heard about the recent critical vulnerability of LOG4J library, we want to put your mind at ease and let you know that it is not used directly in Voucherify Applications. LOG4J is used internally in our:
- AWS - all security patches have been applied immediately right after they become available.
- Internal logging system - the patched version is available and we have already deployed it across all of our clusters.
We've instantly scheduled a security audit targeted at this vulnerability. The audit was carried out by a certified third-party company. The results didn't show any vulnerabilities inside Voucherify and the platform remain resistant to attack attempts using the exposed LOG4j vulnerabilities.
In our current understanding, this exploit did not affect data of any of our customers and we are actively monitoring the platform for attack attempts.