On December 9, 2021, a vulnerability of Apache Log4j (a logging tool used in many Java based applications) was disclosed, which could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE2021-44228, and is also known as “Log4Shell”.
When the announcement was made, immediate action was taken by us to ensure SketchUp’s infrastructure would be protected. Once that immediate action was taken, we conducted a thorough inventory of potentially vulnerable assets and applied mitigating controls that entirely remove the risk. Based on these actions, we believe that the vulnerability does not affect our products or services, including customer data.