Our team is continuing to remediate vulnerabilities as soon as they are found and will continue to assess and monitor our environment. We’ve recently identified two more vendor supplied internal software tools that contained the vulnerable library. Those tools were patched with the recommended patches as supplied by the vendors. We have not detected any impact to any data. Please watch for communications from Lever with additional details as they are available.
Lever is committed to the protection and safety of your data. We are aware of the recently disclosed Apache Log4j2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832). We are actively monitoring this issue and are working to remediate any Lever services that use the vulnerable component Log4j. We appreciate your trust in us as we continue to make your success our top priority.
For more information, please review CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 and the Apache Log4j2 post. Updates will also be posted to https://status.lever.co
as additional information becomes available.