A new vulnerability affecting multiple versions of the Apache Log4j2 library was announced on 10 December 2021, under CVE-2021-44228.
ApplianSys have investigated this vulnerability and we confirm that it is not present in any of the DNSBOX, CACHEBOX, or EDUGATEBOX products because Log4j is not used in ApplianSys software.
Users who perform a search on the firmware may see files relating to Log4j. Some software components provide an interface to Log4j, and as such, there may be references to this library, however, the Log4j library is not used or provided on any of our firmware.
Therefore, no firmware upgrade is required.