Petal not affected by Log4j / Log4Shell vulnerabilities

A critical vulnerability in the popular Log4j library may leave you wondering—does your headless CMS provide adequate protection to secure your website against hackers? Let’s take a closer look at’s architecture to find out.

Matej ZacharDaniel FilakovskyUpdated on Dec 17, 2021Published on Dec 16, 2021

What is the Log4j security vulnerability?

The Log4j library—widely used for logging error messages in Java applications—was hit back in late 2021 by a severe vulnerability. This weakness could be utilized for unauthenticated access to servers and might allow attackers to execute malicious code.

While this vulnerability seems scary at first glance, the good news is that application is not affected by it. application is built on .NET technology and does not utilize the Log4j Java library at all.

Has the Log4Shell flaw affected

Our security team reviewed all dependencies (NPM and NuGet packages) as well as the SDKs that we manage. We made sure that none of these components had a reference to the Log4j library. 

As a result, the Security Team confirms that the Log4j vulnerability does not affect the projects running on

How secure is

Privacy and security are our top priorities. Having ISO/IEC 27001 and 27017 certifications and being SOC 2 Type 2 compliant, maintains high-security standards.

In addition, we perform regular security reviews, vulnerability scans, and penetration tests. We also run Vulnerability Disclosure Program and work with the community of security researchers for early discovery and remediation of vulnerabilities.

Written by

Matej Zachar

I’m a CISO at I own the security strategy and program, aiming to protect, our clients, and our partners.

More articles from Matej
Written by

Daniel Filakovsky

I’m leading the Product Security team at I own the product security vision and bring opportunities to keep even more secure.

More articles from Daniel