|UserVoice Discovery||UserVoice Validation|
*This has been updated and is applicable to the second Log4j Vulnerability (CVE-2021-45046)*
No, UserVoice has not been affected by the Log4j vulnerability.
Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services used by a variety of software applications and a vulnerability has been detected. UserVoice's applications are not Java-based and therefore do not use the logging utility; although, the UserVoice applications utilize ElasticSearch which is a core part of our infrastructure. ElasticSearch is Java-based and includes Log4j in its codebase; however, due to how ElasticSearch is deployed (use of Java Security Manager) it is not exploitable.
We have since upgraded ElasticSearch. It is now using a version that has an updated Log4j library that includes a patch. UserVoice is not at risk.
If you have any further queries, do not hesitate to reach out to our Support team by clicking the Support bubble in the lower-right corner of this page.