A critical vulnerability known as "Log4Shell" has been found in the Log4j Java library - details can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
A subsequent vulnerability has also been discovered as documented here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
The Log4Shell and related vulnerabilities apply only to Log4j v2 and above, and affected only an internal component of Redstor's backend Data Management Platform that is not publicly exposed to the Internet. This has been mitigated by upgrading to log4j v2.17.0.
Log4j is also used on the SE and ESE agents, but these utilise versions that are not affected by Log4Shell. Details can be found here: https://support.redstor.com/hc/en-gb/articles/4413632649233
Note: Other Redstor software, including the Account Server and Storage Server, is not written in Java so does not use log4j, and therefore does not require mitigation.