An Apache Log4j vulnerability (CVE-2021-44228), disclosed on December 9, 2021, impacted multiple versions of the open-source Apache Log4j library. This library is widely used within the technology industry, including at Grammarly.
Grammarly is committed to the security of the individuals, organizations, and developer partners we serve, and protecting their data is a responsibility we take very seriously. From our investigation of the Apache Log4j situation, there is no evidence that any Grammarly services have been compromised in any way.
Upon learning of the vulnerability, we immediately conducted a thorough analysis of Grammarly systems that could have been affected. Though the Log4j library was installed on some systems, it was not being actively used for Grammarly’s user-facing services. As a preventative measure, however, our team upgraded the Log4j library to a secure version.
We continue to actively monitor this issue, and no action is required from our customers.