Log4j Vulnerability
Last updated
Last updated
Flow is working diligently to protect our customers, products, and partner ecosystem from the impact of the Log4j vulnerabilities. We have evaluated the impact of the issues across all our services and completed an assessment of these vulnerabilities.
Flow teams are monitoring the evolving information around these issues, adapting as conditions change and determining the best possible resolution options for our customers. We are continually monitoring the vulnerability information available for all updates.
Compute Instances (including Flow Cloud Servers) are not vulnerable to the Log4j security vulnerability. Our team reviewed its tech stack, found three areas of concern, and issued a patch to close the concern.
Compute Images / Templates does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact information on this vulnerability.
Mac Bare Metal does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact information on this vulnerability.
Kubernetes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.
App Engine does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact information on this vulnerability.
As an addition from a certified templates perspective, JavaEngine and WildFly templates contain log4j-api but not log4j-core. According to LOG4J2-3201 customers which only depend on log4j-api are not affected by this vulnerability.
Spaces does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.
Volumes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.
Networking does not use a vulnerable version of Log4j. Therefore, no additional patches or mitigation activity is required at this time.