This incident has been resolved.
Jan 6, 02:45 PST
AWS has confirmed that the services we rely on were not vulnerable to attacks due to Log4j.
Dec 17, 00:19 PST
Log4j is a Java-based logging utility found in a wide number of software products.
The CVE-2021-44228 vulnerability (aka the “Log4Shell” vulnerability) was disclosed by the Apache Log4j project. If exploited, this vulnerability could potentially allow a remote attacker to execute code on the server.
We don't use Java in our systems and as such have no dependencies on Log4j. The one exception to this is our Android app, Participate, which does not use Log4j.
Our database providers are not affected. We rely on AWS as our datacenter and some of their systems may have been vulnerable in a way that affects us. We are investigating that further.
We continue to monitor the situation.
Dec 14, 03:16 PST