InfluxData is aware of two recently reported Apache log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. The company confirms that its software does not employ log4j, nor is it within their supply chain. All versions of InfluxData's services and software are covered by this statement, including InfluxDB OSS, InfluxDB Enterprise, InfluxDB Cloud, Telegraf, Kapacitor, and Chronograf. The company has patched its backend systems that include log4j as of December 10, 2021, which remain isolated from their cloud services infrastructure.