Summary: 
Our engineering team was made aware of the Log4j vulnerability last weekend, and has since extensively reviewed our system for any impacted entities. We have validated that the most recent vulnerability does not exist in any of our platforms. Meaning, GrowthZone, ChamberMaster/MemberZone, GZCMS, and Builder Fusion platforms are not at risk from this vulnerability.

What is this about?

On December 10, 2021, the Apache Foundation disclosed a critical vulnerability in the Log4j logging library that, if exploited, could give an attacker full control of the affected system. See most recent Common Vulnerabilities & Exposures (CVE) article on this vulnerability. 

Is the GrowthZone platform affected?

The GrowthZone team has extensively gone through our system, and has validated that the most recent vulnerability, regarding the use of Log4j 2.0 or higher, does not impact the GrowthZone system, or its users. This includes all of our offerings: GrowthZone (AMS), ChamberMaster/MemberZone, GrowthZone CMS, and Builder Fusion. 

What about third-party/related entities?

Many of our customers have reached out to us regarding third party entities that they have received similar messages from. We've gone through all portions of our system, including Authorize.net (payment processor), Elastic (search capability), and more, to validate that our use of these entities is also not at risk.