A critical vulnerability in the Log4j Java library, known as CVE-2021-44228, was recently disclosed, prompting Nylas and other organizations to swiftly assess and address potential risks. Nylas, prioritizing customer security, conducted a thorough investigation involving a review of its codebases, scanning of production environments using Lacework, and inquiries with third-party vendors. Although Nylas primarily uses Golang and Python, its Java SDK did reference vulnerable Log4j versions, but these were limited to unit tests and examples, not affecting customers, and a patch was quickly deployed. The comprehensive scan of Nylas's environments revealed no vulnerabilities, and third-party inquiries have so far indicated no unauthorized access. Nylas remains committed to transparency and ongoing monitoring to ensure customer data protection as the situation develops.