At Jotform, we’re aware of the recently disclosed critical vulnerability (CVE-2021-44228) in the Log4j utility, a common Java library. Since its disclosure, we have worked around the clock to ensure our environment and our customers’ data remain secure.
Since Jotform’s source code doesn’t use Log4j, this vulnerability does not affect our core products and services.
Although the Jotform platform isn’t affected by this vulnerability directly, we do use third-party products and applications in our infrastructure that utilize Log4j as a component.
Over the weekend, the SecOps team inventoried all our backend services for use of this Java library and researched ways to prevent exploitation of this newly disclosed vulnerability. We have implemented a number of mitigating steps across our server and software footprint.
We were able to quickly mitigate this issue in these third-party packages using strategies recommended by vendors and the security community, and we’re continuing to monitor our vendor community for the release of additional patches or packages.
For customers who have more specific inquiries regarding this matter, please use our Support Form, or if you are a Jotform Enterprise customer, feel free to contact your account manager.