Like thousands of software organizations around the world, Breadwinner was made aware of vulnerabilities that affect websites or applications using Java log4j versions 2.0 – 2.14.1.  We immediately took steps to review our entire code base to determine what, if any, impact our products or backend services could experience.  

After this thorough review, we determined definitively that none of our codebase is affected by these vulnerabilities.  Breadwinner does not utilize log4j2 in any dev, test, or production code.  

While we have complete certainty that our products and services are not directly affected, Salesforce itself does rely on log4j2 libraries in its codebase.  And as a native application within the Salesforce ecosystem, we’ll continue to closely monitor the situation and determine what preventive steps we can take to protect our users from any impacts going forward.  

Those that are technical can follow Salesforce’s progress here.

As always, if you have any questions that we can help clarify, please don’t hesitate to reach our customer success team