In response to the reported vulnerability CVE-2021-44228 in the Apache Log4j2 Java library, Little Green Button has conducted a thorough review of its products and internal systems to determine any potential impact on our services or our customers. Our findings detailed below indicate that Little Green Button products and services are not affected by CVE-2021-44228. We will continue to monitor the situation and update this article with additional information.
LGB Infrastructure:
None of our systems are affected by this vulnerability. Preventative measures have been taken on the AWS stack by following and completing official guidance.
Supply Chain:
Chargebee | No |
FreshWorks | No |
ActiveCampaign | No |
Atlassian | No (Statement) |
Currently, we have no reason to believe that any of our infrastructure or providers in our supply chain are affected by this exploit. We do not run any version of Log4j in our self-managed infrastructure or technology stack and these are therefore not impacted by this vulnerability. We are continuing to actively analyse our supply chain of other service providers that our systems rely on, and will update this document with our findings.