To determine Log4j vulnerability, Payara has investigated its products:
Payara Server Community
Payara Micro Community
Payara Server Enterprise
Payara Micro Enterprise
and concluded that all remained unaffected.
However, if your application is using the Log4j library, we recommend that you upgrade to the latest version of Log4j, especially when running on a vulnerable JDK version.
Given how ubiquitous Log4j is, the impact of this vulnerability is quite severe. Learn how to patch it, why it’s bad, and more in this post: