As part of our commitment to Data Protection & Security, we would like to confirm that Faria services including ManageBac, OpenApply, SchoolsBuddy, Atlas, Pamoja, OSC Study and MiniPD are not affected by the Apache Log4j vulnerability (CVE-2021-44228 and CVE-2021-45046).

We do not run any of our applications on Java or make use of the Log4j library within our systems stacks.

We have continuous monitoring that alerts us to any security vulnerabilities within 3rd party libraries or dependencies across our codebase.

As an added precaution, we have also reviewed security disclosures across all of our sub-processors, the majority of which have confirmed either that they are unaffected or who have patched updates for mitigation. We are seeking clarification from an additional three sub-processors (Airbrake, MandrillApp & SurveyMonkey), who have not yet shared their mitigation status publicly, and we will post a further update as soon as we hear back.

We will continue to closely monitor this and any future vulnerabilities with vigilance and our commitment to your security & data protection as part of ISO 27001:2013.

If you have any questions, please do not hesitate to contact us at security@faria.org.