Alibaba's security team was the first to discover the Log4j vulnerability. Though Alibaba Cloud was not compromised, the company is nevertheless facing consequences for failing to notify Chinese regulators within two days as required by new laws passed in September 2021.