The Apache Log4j 2 utility publicly disclosed a high-severity vulnerability (CVE-2021-44228) impacting multiple older versions of the software.
Codecov was not impacted by this vulnerability. Our security and engineering teams have done a thorough review of our product code base and dependencies and have concluded that neither our cloud nor self-hosted versions have been affected. We are monitoring and will advise of any changes related to our products.
For further information, please see CVE-2021-44228 and the post from Apache Log4j2.
If you have any other questions regarding this incident, please refer them to our security team.