Dear community members,
We’ve been getting some questions about the Log4j vulnerability, and we can all breathe in relief: Codacy was not directly impacted by the Log4j vulnerability! Codacy customers are not at risk. After some digging, we concluded our product wasn’t flagged as vulnerable to this issue. Codacy application is written in Scala, which is Java-based, but we rely on a different logging library, not dependent on Log4j.
However, to avoid being exposed through third parties that might be susceptible to this vulnerability, we put in place additional measures to block all requests targeting this vulnerability and prevent them from entering our systems.
For Cloud users, no action is required.
For Self-hosted users, you should still follow best practices and make sure you have the latest Codacy version installed, and take the complementary steps you believe are necessary to prevent this attack on your systems.
We’ll keep monitoring the situation, and if you have additional questions or concerns, please reach out to our Support Team.