• Blog
  • Docs
  • Careers
  • Get Support
  • Contact Sales
DigitalOcean
  • Featured AI Products

    Compute

    Build, deploy, and scale cloud compute resources

    Containers and Images

    Safely store and manage containers and backups

    Managed Databases

    Fully managed resources running popular database engines

    Management and Dev Tools

    Control infrastructure and gather insights

    Networking

    Secure and control traffic to apps

    Security

    Help protect your account and resources with these security features

    Storage

    Store and access any amount of data reliably in the cloud

    Browse all products

  • AI/ML

    CMS

    Data and IoT

    Developer Tools

    Gaming and Media

    Hosting

    Security and Networking

    Startups and SMBs

    Web and App Platforms

    See all solutions

  • Community

    Documentation

    Developer Tools

    Get Involved

    Utilities and Help

  • Become a Partner

    Marketplace

  • Pricing
  • Log in
  • Sign up
  • Log in
  • Sign up

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas
© 2026 DigitalOcean, LLC.Sitemap.
Trust & Security

DigitalOcean’s response to the Log4j security vulnerability

author

By DigitalOcean

  • Published: December 13, 2021
  • 3 min read
<- Back to blog home

DigitalOcean has been monitoring the Log4j vulnerability (CVE-2021-44228) and has been testing across all of our products to validate any potential exposure or risks of this vulnerability. We strongly encourage you to review all of your projects and visit our Community FAQ with updated vulnerability guidance. We wanted to provide you with an update on our review by product as the information is available:

Droplets

  • Droplets are not vulnerable to the Log4j security vulnerability. The Droplet team reviewed its tech stack, found one area of concern, and issued a patch to close the concern.
  • The Droplet team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Marketplace

  • Marketplace has reached out to all Marketplace Vendors to confirm they are aware of the vulnerability, and to understand if they have taken remediation action or were unaffected.
  • We have temporarily disabled new 1-Click App deployments for some vendors and will continue working with them to make sure the vulnerabilities are fixed prior to reenabling those 1-Click App deployments.

Kubernetes

  • Kubernetes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time. 
  • The Kubernetes team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

App Platform

  • App Platform does not use Log4j. However, we recognize that customers may run vulnerable applications. We encourage you to review the applications you run for potential impact information on this vulnerability.
  • The App Platform team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Spaces

  • Spaces does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time. 
  • The Spaces team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Volumes

  • Volumes does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time. 
  • The Volumes team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Images (Snapshots, Backups, and Custom Images)

  • Our images stack includes Apache Zookeeper. We have investigated our configuration and determined its vulnerability to Log4j has been mitigated. We continue to watch upstream for patches and will upgrade as soon as they are available.
  • The Images team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Managed Databases

  • Managed Databases does not use Log4j. Therefore, no additional patches or mitigation activity is required at this time.
  • The Managed Databases team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability. 

Networking

  • Networking does not use a vulnerable version of Log4j. Therefore, no additional patches or mitigation activity is required at this time. 
  • The Networking team is continually monitoring the vulnerability information available for all updates to the details of the vulnerability.

About the author

DigitalOcean
DigitalOcean
Author

Share

  • Trust Security

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
Sign up

Related Articles

Enhancing Security with User-Specific Access Keys for DigitalOcean Functions
Product updates

Enhancing Security with User-Specific Access Keys for DigitalOcean Functions

Amulya Tomer
  • March 23, 2026
  • 5 min read

Read more

OAuth App Based Workload Identity for Droplets
Trust & Security

OAuth App Based Workload Identity for Droplets

John Andersen
  • October 22, 2025
  • 8 min read

Read more

How DigitalOcean Uses Semgrep to Fortify Security: A Highlight From Our Toolset
Trust & Security

How DigitalOcean Uses Semgrep to Fortify Security: A Highlight From Our Toolset

Jordan Vaughn
  • October 7, 2024
  • 2 min read

Read more