Loom has been aware of the vulnerability in the Apache Log4j library (CVE-2021-44228). Currently, we are not aware of any impact within our systems, however, we are continuing our investigations as the industry learns more. We have hardened and/or patched affected systems and are continuing to follow up with our software vendors for updates. In the meantime, we have introduced improved detective and preventative measures to protect against any exploitation in our environment. In accordance with incident response procedures, we reviewed our logs and found no evidence of customer data being impacted.
We will continue to provide updates if anything changes or as more information is made available. If you have additional questions, please reach out to security@loom.com.