AutoElevate's services and applications are NOT affected by the Apache Log4j2 vulnerability (CVE-2021-44228).

Background

In 2021, a high-severity security vulnerability in the Java-based log4j logging framework (CVE-2021-44228) was reported and began to be actively exploited on systems across the internet. This exploit, also known as "log4shell" or "shellshock, " provides a vector for remote code execution.

Since the vulnerability was made public, we have been actively reviewing and deep-diving into all our codebases, dependencies infrastructure, and 3rd party vendors to see whether or not any part was affected. We are happy to report that nothing was found.

None of our web services are written or use Java code or libraries. The only Java code in our stack is our Android mobile application, which was checked thoroughly, including all dependencies. In addition, there is no usage of Log4j at all.

Security is a top priority at AutoElevate, so we will continue to review & assess vulnerabilities as they become known. We want to maintain and ensure security in your environments.