This message is to address inquiries and the impact of CVE-2021-44228, a zero-day vulnerability identified in Log4j Dec 9, 2021.
Docebo Security Team has confirmed Docebo is not using Apache Log4j in the Docebo Learn product and is not affected by this vulnerability.
Docebo security and incident response teams have implemented additional threat detection measures and are actively monitoring this issue should further response be required.
As part of our customer focused security, we recommend monitoring our announcements resources as these provide detailed information on service updates and changes: https://www.docebo.com/product-updates/
Should you have any questions, please reach out to your customer success manager or customer support.
Sincerely,
Docebo Support Team