Since news broke on December 10, 2021 regarding the CVE-2021-44228 (Log4Shell vulnerability) in the Apache Log4j library, CARTO has been reviewing and monitoring our platform for potential exposure.
CARTO stack is not Java-based and does not use Log4J. Our customers' data was not affected by the vulnerability.
Our security team will continue investigating any potential impact on CARTO’s services, and their focus, as always, will be protecting our customers.