---
title: "Cloudsmith Not Impacted By CVE-2021-44228 (log4shell/log4j)"
description: ""
canonical_url: "https://cloudsmith.com/changelog/cloudsmith-not-impacted-by-cve_2021_44228-log4shell-log4j"
last_updated: "2021-12-13T19:11:00.000Z"
---
# Cloudsmith Not Impacted By CVE-2021-44228 (log4shell/log4j)

On 10th December 2021, a **_critical severity_** Remote Code Execution (RCE) exploit disclosure for **log4j** was published, as [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), affecting versions below **2.15.0**. The vulnerability has been coined as _Log4Shell_. The log4j framework allows Java developers to log data (incl. user-based) in their applications.

## Is Cloudsmith impacted?

In short: **No**. We confirm that CVE-2021-44228 **does not** impact the Cloudsmith service following a security audit. As per our last announcement regarding [ISO27001 certification](https://cloudsmith.com/resources/blog/cloudsmith-iso-27001-certified), we're highly committed to security and privacy, and we'll do everything we can to assist with ensuring that our customers, and your customers, remain secure too.

## Should I be concerned?

Although Cloudsmith is not impacted, the exploit is exceptionally high impact and highly commonly used, so it should be taken utmost seriously by developers and users of affected software. **Immediate action** is required to identify and mitigate the software and environments impacted.

Please see our full announcement (below) for background, mitigation advice and next steps.
