You will be aware from the recent NHSD cyber alert service notification, digital.nhs.uk/cyber-alerts/2021/cc-3989, that a critical vulnerability has been discovered in Apache Log4j 2, an open source Java package used by numerous apps and services across the internet. This is being tracked as CVE-2021-44228.

We wanted to reassure you that we are treating this situation very seriously. None of our Docobo developed solutions use the specific library in question, so the exposure is limited. We are confident that our infrastructure, applications, products, and services are not vulnerable to the exploit.

Our IT and security teams are conducting a comprehensive assessment in accordance with our information security policies and procedures and we are also in discussions with our third-party partners and suppliers to verify that none of the elements that we rely on are impacted.

This is a developing situation so we will provide further updates and information, as and when it is available. If you have any questions, please contact us.