The security of the commercebuild platform is of paramount importance to us. As such, when the Log4Shell zero-day vulnerability was made public on December 9, our systems team immediately began their investigation.
They determined that Log4j is not used in our environment. Therefore, the platform is not vulnerable to this exploit.
We have decided to share this information on our Status site after several clients reached out to Customer Success to inquire about CVE-2021-44228. If there are further questions, please contact support@commercebuild.com.