We have been getting lots of queries regarding the impact of Log4j vulnerability on Smart Wishlist and Smart RSS Feed. We would like to clarify that Log4j was never used in our digital infrastructure. In fact, we don’t use any Java/JVM-based applications. As a result, fear of any impact on your data is unfounded. Your data is safe.
What happened?
On December 9th, 2021, a zero-day exploit in the popular Java logging library “Log4J” (version 2) was discovered and widely publicized. The vulnerability can be used to execute code remotely, by tricking a system into logging a specific malicious string.
As app developers, we are bound by Shopify Partner Program Agreement to ensure that your data remains safe.