To our customers –
You may have seen in the news that a critical vulnerability (CVE-2021-44228) was identified earlier this month impacting a commonly used open-source Apache “Log4j2" utility. We take the security of our systems and our customers’ data very seriously, and we wanted to give you a bit of detail on what Weave has done to verify that the Weave platform is not impacted.
Upon learning of this security issue, Weave swiftly conducted an internal review to identify potentially impacted systems and services providers. Our review showed that Weave’s systems and software do not use this and are therefore not vulnerable to this security issue. We also confirmed that all critical service providers have taken appropriate steps to identify impacted systems and implement corrective measures.
We will continue to monitor the impact of this vulnerability and to keep our systems secure. We will update you if there are any significant developments. If you have any questions regarding this or any other security issue, you can reach me and my team at email@example.com.
Matt Hillary, Chief Information Security Officer