On Tuesday, December 14, 2021, 10pm CET, a new vulnerability for log4j was reported (CVE-2021-45046). Our security team investigated if the BlueConic services were vulnerable to this issue, and the team concluded with a high probability that the BlueConic services had no exposure. To further ensure that there will not be any exposure to the vulnerability, we have proactively patched the two components using log4j to version 2.17.0 and now consider the issue to be resolved. For more information, you may refer to the incident report.
We will post any updates to status.blueconic.com, where you can subscribe to updates via email or text.