Bitrise’s response to Log4j vulnerability (CVE-2021-44228)

Bitrise customers are not affected by the Log4j vulnerability due to a thorough investigation and mitigation efforts, but it is recommended that they check 3rd party steps/code for potential exposure. The critical vulnerability was found in Apache Log4j, an open-source Java library, and further investigation showed no signs of successful exploitation before the patch was deployed. While official Bitrise Steps are not affected, customers should reach out to third-party step developers and internal developers responsible for custom code to confirm any exposure to this vulnerability.