Response to Log4j (Log4Shell) vulnerability
During the second week of December 2021, a vulnerability was reported with the open-source Log4j logging utility.
As part of our due diligence, Vidyard finished the discovery and remediation of its platform and supporting code for the Log4j (CVE-2021-44228) vulnerability as of December 13, 2021.
Vidyard was running a 100% default configuration of Log4j as packaged within Apache Druid, luckily not processing strings in a manner that could be directly exploited. Vidyard's engineering team patched to the latest secure version regardless. Our version is 2.17.1, and we are patched for CVE-2021-44228, CVE-2021-45046 & CVE-2021-44832 as of January 28, 2022.
We continue to monitor the situation quite closely for new developments. If you have any further questions, please contact our Support Team.