On December 10th, 2021, the US Departmentr of Commerce's National Institute of Standards and Technology added CVE-2021-44228 to its National Vulnerability Database, impacting versions 2.x of the Java logging library log4j (also known as log4j2). Imaginary's website development is written in Python and does not directly make use of Java.
Imaginary does make use of Elasticsearch for an internal search application, which was impacted by the vulnerability . Imaginary DevOps staff has addressed the Elasticsearch issue.
Imaignary will continue to monitor the situation and take action when warranted.