It's official: Level Access and eSSENTIAL Accessibility are becoming one! Read the Press Release.

We have assessed CVE-2021-44228 and while the vulnerable log4j library is present in our environment we have determined the risk is low based on how we are using it and where it is deployed. We are working on patches for our hosted software and self-hosted customers, as well as internal systems.

Self-hosted customers with stringent fix timeframes can apply a mitigation by setting the LOG4J_FORMAT_MSG_NO_LOOKUPS system variable to true. Remediation timeframes for updating hosted software is targeted before end of day Wednesday (12/15), a patch for self-hosted customers will be available roughly at the same time but will require additional time to ensure the proper resourcing and coordination.

Recent Resources