PeopleFluent's Security and Technology teams have evaluated the recently discovered CVE-2021-44228 security vulnerability introduced in the Log4j library (starting with version 2.0.beta-9) and addressed with configuration defaults in version 2.15.
Our team has reviewed potential version and standard configuration-related exposure across all our product lines and confirmed that no PeopleFluent hosted services (our SaaS offerings) are vulnerable.
Customers running PeopleFluent software on their own premises with recommended/default configuration values should not be vulnerable, however we recommend that your team consults the
to validate that your local configuration values were not changed in a manner that would expose this vulnerability.
PeopleFluent will continue to monitor any developments related to CVE-2021-44228 and provide further updates as necessary.