The last couple of days we have received a lot of questions from customers and partners about the latest vulnerability threat from Log4j.
We can assure you all that Humly does not use Java and therefore not Log4j.
We do keep an eye on the tools and utilities we use to try to mitigate any vulnerabilities. Some of them are even automated to warn as early as possible. Over the years we have also removed packages that are old and are considered to have a higher risk.
We also periodically have our products audited, code reviewed and penetration tested by an external auditor - TrueSec. Both with automated tools and manual.
We take security very seriously, I just wanted to update you all on the latest situation.
/ Tomas Nielsen, CTO Humly