Read our Security Team's official statement on the vulnerability of Mattermost to the recently discovered log4j CEV's:
Mattermost would like to share a quick update that our services and products are NOT affected by the Log4j security vulnerability (also now known as “Log4Shell” or CVE-2021-44228).
Log4j is used in many forms of open-source software, however, none of the Mattermost code, products or services are impacted.
Although the Mattermost Security Team does not publicly confirm when our services or products are not affected by any new vulnerabilities, we are making an exception due to the widespread exposures and criticality of this instance. For additional information regarding our vulnerability processes feel free to review our Responsible Disclosure Policy and Bug Bounty Program 2.
We thank you for your time, and please reach out to firstname.lastname@example.org with any questions.