A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was discovered on December 9, 2021.
Code42 does use Java within Code42 products (including CrashPlan for Small Business), but current releases of all affected services and agents leverage a JVM version higher than 11.0.1 which prevents exploitation of the remote code execution vulnerability. As a further point of mitigation, Code42 will be updating to the latest patched version of log4j as part of future releases of our products.
Since unsupported or out-of-date installations may be affected, make sure you are running the latest supported Code42 app version.
For further information, see our article Code42 response to industry security incidents.