You may have heard about a recent vulnerability that has been discovered to be impacting a lot of systems that are being used by the NHS (Apache Foundation Log4j 2 vulnerability), we became aware of it late Friday(10/12/21) afternoon and are happy to report that Civica Scheduling does not use Log4j directly in our software or servers. On Saturday(11/12/21), we further confirmed this by running internal tests across Civica Scheduling that would have alerted us if the log4j RCE had executed, which it had not.
Civica Scheduling runs on AWS infrastructure and services such as S3 and RDS which have already been patched to secure against this. The full statement from AWS can be found here: Update for Apache Log4j2 Issue (CVE-2021-44228)
We are always on the lookout for any new vulnerabilities that could impact systems we use to ensure Civica Scheduling continues to be as secure as possible.