Background
On the morning of December 10th, 2021, many sources began reporting on a critical vulnerability in the Java library log4j. This allowed remote code execution. In addition, it is a library that is commonly used in a significant amount of software including Apache, Apple iCloud, Steam, Minecraft, and others.
Our Response
Within two hours of receiving notification, we retained an independent security researcher, Jason Slagle of CNWR, to log into our systems and perform an analysis of any potential risk. All core infrastructure was reviewed including routing, switching configuration management, users and monitoring. He was able to confirm that our systems are not affected by this CVE.
Going Forward
Due to the reach of this vulnerability, we will continue to monitor new research to ensure nothing else has been missed. If there is any change to our position we will communicate it immediately to our users.