Last week, Aircall's Security team was made aware of a global vulnerability in the Log4j logging framework, CVE-2021-44228. Our team immediately initiated an assessment to determine Aircall's usage of this framework and its impact across Aircall, its products, and its infrastructure.
The team initiated a full scan of Aircall's repositories, and the team was able to confirm that Aircall does not use the package' log4j' in its code.
Our team will continue to test and monitor our services, including checking whether they are vulnerable due to third-party components, and will take necessary actions if/where applicable.
Additionally, Aircall's bi-annual penetration testing exercise started a few days ago, and Aircall's Security team has asked the pen test team to test all Aircall applications for this new vulnerability.
Still in need of assistance? Please feel free to reach out to the Support Team and we’ll be happy to assist!