Zeplin does not have exposure to this vulnerability.

In December 2021, Apache log4j was found to have a very critical vulnerability, that was both trivial to exploit and was seen as very active across the Internet. Customers of Zeplin rightly ask if Zeplin was vulnerable to these issues.

Zeplin does not directly use any of the software or libraries identified as vulnerable in CVE-2021-44228, and so there is no risk of exposure to this vulnerability through Zeplin.

Zeplin facilitates integrations with other service providers, such as Jira. At this time all of those integrations have been verified not to have exposure, however, we can only vouch for the Zeplin integration to those services. If you use a service like Jira or Trello, we recommend looking to those vendors for their own assessment of this vulnerability in their products.

This bulletin was last updated on 14 Dec 2021.

New information will be updated here as we discover more.