Cesium unaffected by log4j vulnerabilities

Hello everyone,

While Cesium is unaffected by the recent string of log4j vulnerabilities, we felt that its sweeping effect on the internet as a whole warranted a forum post.

  • Cesium’s software and SDKs do not use Java or log4j and are in no way vulnerable to log4j exploits.
  • Cesium’s platform leverages AWS. Like all cloud providers, AWS was affected by the vulnerabilities, but not in a way that adversely affected the Cesium platform. You can read AWS’ full response at Update for Apache Log4j2 Security Bulletin (CVE-2021-44228)


1 Like