Vercel Security: Response to Log4j Vulnerability

Recently, a series of security vulnerabilities were discovered in the popular logging utility Log4j.

As with any emerging threat, details are still coming to light and investigations are ongoing, but we have not presently identified any use of Log4j in our environment that would make us or our customers susceptible to the detailed exploit. Additionally, we're working with our third-party providers to ensure that they have patched or will patch instances of this vulnerability according to their highest criticality timelines.

Our internal teams are working closely with our external security services provider to monitor our environment. We will send follow-up communications to customers as, and when, appropriate.

Please feel free to reach out to us at security@vercel.com if you have any questions or concerns.