Dear Users,

A high severity vulnerability, (CVE- 2021-44228), impacting multiple versions of Apache Log4j utility, was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions- 2.0 to 2.14.1. Find the details of this vulnerability documented here:

We have not identified any exploitable vulnerabilities related to the Log4j issue in any of our Zoho cloud services. Our cloud services have third-party components that could be potentially vulnerable and hence as a safety measure we have applied the mitigation patch to all our services. We have found no evidence of any successful exploitation as of today. We are continuing to analyze the issue and will provide updates of any new findings. Rest assured that there are no causes for concerns for Zoho users.

For any additional details or assistance, do write to security@zohocorp.com. We'd be happy to help.