Important Information about CVE-2021-44228 and CVE-2021-45046

Affinity is actively following CVE-2021-44228 and CVE-2021-45046, the closely related security vulnerabilities in the open-source Apache Log4j utility that have been announced recently.

Affinity has very limited use of Java on our production systems, and none of our internet-facing systems use Java. Our internal systems that do use Java do not use log4j. No Affinity production systems are affected at this time.

Since the vulnerability was announced, we have been working closely with all of our vendors to ensure that they are not affected by the vulnerability, or have applied mitigating measures if affected, including upgrading to the fully patched version (2.16.0) of the Log4j library.

At this time, no action from Affinity customers is required.

If you have any additional questions, please reach out to our support team at support@affinity.co. You can also reach our security team directly at security@affinity.co.