We know many customers and prospects are concerned about the recent Apache Log4j vulnerability – CVE-2021-44228. The Celigo team has taken this very seriously and initiated an investigation into the possible impact as soon as the Log4j vulnerability was made public.
Celigo’s security and engineering teams have thoroughly investigated, and for the infrastructure we control directly, Celigo’s products, both Integrator.io (including all integration flows) and CloudExtend, are NOT directly affected by the Apache Log4j vulnerability.
- The Celigo Integrator.io platform and integration apps are NOT affected and all service providers that are part of the supporting infrastructure have also been cleared as not affected.
- The CloudExtend products are not affected, but the assessment of the service providers that are part of the supporting infrastructure is still ongoing. At this point, every vendor that has completed its investigation and responded has either reported no issues or has remediated them. The remaining vendors that have not responded do not have direct access to any in-process data, and thus the risk is very low.
- As a result, no additional patches, logging, or monitoring has been needed as Celigo’s systems have not been affected by the Apache Log4j vulnerability exploit.
Rest assured, Celigo takes security seriously, and we have a comprehensive vulnerability management program that includes quarterly vulnerability scans, annual penetration testing, and monitoring for emerging vulnerabilities such as this one in Log4j.
We appreciate your concern for data security and take our role as a steward of your data very seriously. We will continue to monitor for any new developments regarding this vulnerability, and will follow this message with updates as needed.