While Cesium is unaffected by the recent string of log4j vulnerabilities, we felt that its sweeping effect on the internet as a whole warranted a forum post.
- Cesium’s software and SDKs do not use Java or log4j and are in no way vulnerable to log4j exploits.
- Cesium’s platform leverages AWS. Like all cloud providers, AWS was affected by the vulnerabilities, but not in a way that adversely affected the Cesium platform. You can read AWS’ full response at Update for Apache Log4j2 Security Bulletin (CVE-2021-44228)