RoundingWell is aware of the major security vulnerability that was discovered in the Apache Log4j project (CVE-2021-44228).


We do not utilize this project in any of our products. We have manually audited our projects to ensure the affected Log4j software is not used. We use tools that automatically detect and notify us of any potential security vulnerabilities within our software dependencies. Also, we utilize tools that automatically detect and install dependency updates.


Our hosting provider, AWS, does use Log4j in their services. AWS has taken actions to remediate any impacts to services utilized by RoundingWell. We will continue to work with the AWS support team to identify any potential impact.


In summary, RoundingWell customers have not been impacted by the Log4j vulnerability. We will remain vigilant and work to ensure the security and integrity of the RoundingWell platform.