Update Dec 28, 2021. We are aware of CVE-2021-44832 and are continuing to patch any systems that include log4j updated as patches become available.

Update Dec 20 2021:  We are keeping any systems that include log4j updated as patches become available additional CVEs related to Log4j. This blog relates to the original Apache Log4j CVE-2021-44228. We are aware of CVE-2021-45105 and have applied all available mitigations and updates.

Dec 15 2021: This blog is an update to the previous blog about Concrete and the Log4j vulnerability posted Dec 13.

Concrete CMS itself does not use Log4j but the Concrete Hosting environment does. 

We have been paying attention to all the buzz surrounding Log4j Shell and jumped on CVE-2021-45046 when it was published. We have implemented all additional suggested mitigations and/or updates. We will continue to diligently monitor and patch to keep the sites you host with us as safe as possible!