![](https://about.codecov.io/wp-content/uploads/2021/12/log4j2.png)
The Apache Log4j 2 669 utility publicly disclosed a high severity vulnerability (CVE-2021-44228) impacting multiple older versions of the software.
Codecov was not impacted by this vulnerability. Our security and engineering teams have done a thorough review of our product code base and dependencies and have concluded that neither our cloud nor self-hosted versions have been affected. We are monitoring and will advise of any changes related to our products.
For further information, please see CVE-2021-44228 and the post from Apache Log4j2.
If you have any other questions regarding this incident, please refer them to our security team.