Copado is aware of the recent Log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We have completed our verification and can confirm that this issue does not affect Copado products. No actions are required by our customers.
In addition, with a focus on defense in-depth, we have implemented industry recommended mitigations to all JVM initiations and enabled a WAF rule to block attempted exploits of CVE-2021-44228.
Since this situation is dynamic and evolving, we will continue to actively monitor for new developments and will provide further status updates as needed.