Framer is aware of a high-severity security vulnerability in the Apache Log4j logging library. This vulnerability was disclosed on Friday by the Apache Log4j project and is being tracked as CVE-2021-4428 (and dubbed "Log4Shell"). If exploited, this vulnerability could potentially allow a remote attacker to execute arbitrary code on the server.
As soon as the vulnerability was made public on Friday (December 10, 2021), Framer's security team began a thorough audit of their products and cloud infrastructure. It was found that Framer products are not directly impacted, as they don't use Java in their stack. Framer does depend on several AWS services that use Apache Log4j, these have all since been patched.
Framer will continue to monitor the situation closely. If you have any questions or concerns, please reach out to your account manager or Framer Support (firstname.lastname@example.org)