During the second week of December 2021, a vulnerability was reported with the open-source Log4j logging utility.
As part of our due diligence, Vidyard finished the discovery and remediation of its platform and supporting code for the Log4j (CVE-2021-44228) vulnerability as of December 13, 2021.
Vidyard was running a 100% default configuration of Log4j as packaged within Apache Druid, luckily not processing strings in a manner that could be directly exploited. Vidyard's engineering team patched to the latest secure version regardless. Our version is .16, and we are patched for CVE-2021-44228 & CVE-2021-45046.
We are also monitoring the situation quite closely for new developments. If you have any further question, please contact our Support Team.