On Friday 10th December, Apache announced a critical vulnerability within the LOG4J logging library for Java (also now known as “Log4Shell”, CVE-2021-44228).

Security has always been a top priority for Applitools, and our security specialists are fully aware of the recent RCE vulnerability in log4j, affecting numerous applications. Our engineers immediately conducted a complete impact assessment, and validated that throughout our environment, log4j is not used or depended on by any services we use.  

Therefore, Applitools services including the Eyes and Ultrafast Grid services are unaffected. Customers with on-premise installations of Applitools are also unaffected, and won’t need to upgrade or patch any components to address this particular vulnerability. Our security specialists are confident that Applitools products can continue to be safely used without exposure to the Apache log4j RCE vulnerability. 

Our engineers and security team continue to monitor emerging security vulnerabilities and threats and are ready for rapid response should any new vulnerabilities emerge in the future.

Thanks and Happy testing

The Applitools Team

Ready for the next generation of testing?

Get started today Schedule a demo