Gatsby has confirmed that it is not affected by the recent Log4j 2 vulnerability, a critical security issue in the popular Java logging library that allows for potential remote command execution and data leaks. The vulnerability, which emerged on December 6, 2021, was swiftly weaponized and widely exploited by December 10, 2021. Gatsby's security team conducted a thorough review of their infrastructure and application stack and found no systems or services utilizing the vulnerable Log4j 2 package. This assurance extends to both Gatsby's open-source users and Gatsby Cloud customers, as their technology stack typically does not utilize Java-based applications, and the few vendor-supplied services using Java were not affected. For further security inquiries, Gatsby encourages communication via their security email.