In response to the reported vulnerabilities CVE-2021-44228 and CVE-2021-45046 in the Apache Log4j2 Java library, Doodle has conducted a detailed end-to-end review of its products and internal systems to determine any potential impact on our services or our customers.
Our findings outlined below indicate that Doodle products and services are not affected by the aforementioned CVEs. We will continue to monitor the situation and update this article with additional information.
None of our systems are affected by this vulnerability. Preventative measures have been taken on our Cloud provider stack by following and completing official guidance.
Currently, we have no reason to believe that any of our infrastructure or providers in our supply chain are affected by these exploits.
We are not running any affected versions of Log4j in our self-managed infrastructure or technology stack and these are therefore not impacted by this vulnerability.
We will continuously assess our supply chain of other service providers that our systems depend on, and will update this article with our findings.