Valimail is aware of the recently discovered zero-day vulnerability in Apache Log4j (CVE-2021-45046 and CVE-2021-44228). Valimail is continuing to monitor and analyze the vulnerabilities related to the Apache Log4j disclosure. Valimail applications do not use Log4j. We are checking our other tools and apps to verify possible usage and working to patch and secure anything we find.

To keep your Valimail application and services secure, our security professionals continue to monitor the overall impact of the Log4j remote-code execution vulnerabilities. We will provide new information as it becomes available.

Valimail Blog post on Log4j - Log4Shell Vulnerability: What You Need to Know!