On Friday, December 10th, an exploit was reported in the "Log4j" logging library for Java applications that allows unauthenticated remote code execution. We have examined RCE, using both manual inspection and automated vulnerabiltiy scanners, and are glad to report that RCE is not affected by this vulnerability. While RCE uses the Log4j library, the version used is not affected by CVE-2021-44228. This applies not only to the current 10.x releases, but also to all older releases.

Please keep in mind that keeping your software up to date is a good practice in general. In case of RCE, we strongly recommend always upgrading to the latest version.