As announced by multiple security authorities on December 9, 2021, the Apache Log4j Library Vulnerability (CVE-2021-44228) is a critical security issue that could allow a vulnerable system to be compromised by an attacker. The following is a summary of the impact of this vulnerability on the Soracom platform and actions taken by Soracom to prevent system compromise:

• We have confirmed that all necessary security patches needed to fix the vulnerability have been applied to the Soracom system components affected by this vulnerability.
• We have additionally performed an internal audit of system components to determine if any breach or exploit has occurred, and have confirmed that none of Soracom's systems, such as customer data, have been compromised.

At this time, all systems are operating normally, and there is no need for Soracom customers to perform any actions in response to this vulnerability.

If you have any questions or concerns regarding this vulnerability, please feel free to contact the Soracom support team at your earliest convenience.