We'd like to make you aware of an update pertaining to the security of our systems and your data. Our Tealium security and engineering teams became aware of the widely pervasive Log4j zero-day CVE-2021-44228 issue overnight on December 9, 2021.
We immediately investigated the vulnerability and potential exploits and are proud to report Tealium infrastructure has shown no signs of exploitation or compromise.
As of this morning (December 11, 2021), we have completely remediated all of our environments to remove the vulnerable versions from our codebase, ensuring there is no potential for abuse via the exploit in the future.
Tealium is data-first and protecting your most valuable asset is of the highest importance to us. We continue to diligently monitor our network and systems for any exploit attempts and will always keep you informed. You can follow this post for continued updates on the issue.
Please don't hesitate to connect with your account team if you have any questions.
Please note: As of Jan 21, 2022, Tealium is now on version 2.17.1