On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a vulnerability in the Apache Log4j library. The Apache Log4j utility is a commonly used component for logging requests. This vulnerability could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow arbitrary code to be executed.
Like many other companies, we’re following this vulnerability closely. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers.
Google Ads and Google Marketing Platform are not using versions of Log4j affected by the vulnerability.
Posted by Stan Grinberg, Director, Ads Developer Relations