
Hi, right now there is a lot going on in the news because of big safety issues caused by Log4j. Our first customer is already asking, so I’m asking the same question here: Is Klaviyo possibly affected by safety issues because of Log4j? I don’t mean the frontend because I don’t think any Java is used there, right? But the backend infrastructure, especially servers saving customer data.

 

Thanks and good luck to everyone not having any problems in other systems because of Log4j.

Simon

Hi @Simsen,

Klaviyo is aware of the recently disclosed security issue affecting the open-source Apache "Log4j" utility (CVE-2021-44228). In response to the disclosure, Klaviyo has done and will continue to do our due diligence in protecting our customers’ data. With this, we have deployed additional blocking safeguards, and we have audited and scanned our systems for signs of abuse and usage of Log4j within the Klaviyo product. We will continue to review our systems; however, at this time we have reasonable confidence that our usage of Log4j is not vulnerable to remote code execution. At Klaviyo, our customers are our top priority, so we will continue to actively monitor the issue and provide updates as they become available.

Best,

Chloe

