Blog Post

Log4j 2 Security Vulnerability Update

December 13, 2021 Tom Hu

The Apache Log4j 2 669 utility publicly disclosed a high severity vulnerability (CVE-2021-44228) impacting multiple older versions of the software.

Codecov was not impacted by this vulnerability. Our security and engineering teams have done a thorough review of our product code base and dependencies and have concluded that neither our cloud nor self-hosted versions have been affected. We are monitoring and will advise of any changes related to our products.

For further information, please see CVE-2021-44228 and the post from Apache Log4j2.

If you have any other questions regarding this incident, please refer them to our security team.

Before we redirect you to GitHub...
In order to use Codecov an admin must approve your org.