Due to the Apache Log4J2 Security Vulnerability CVE-2021-44228, Simflofy is urging all users to update the affected jars in their installation.
Replacing Compromised Jars
As with all software changes for Simflofy, we encourage you to back up your current installation before making any changes.
Shutdown your Simflofy instance if it's running.
In your installation directory, you will need to locate the affected libraries. These are likely in the tomcat > webapps > simflofy-admin > WEB-INF > lib directory or the tomcat > webapps > tsearch > WEB-INF > lib directory. The names of the affected libraries are: log4j-core-2.xx.x.jar and log4j-api-2.xx.x.jar, the xx is a number below 15 since version 2.15.0 was the first released version that contained the fix for this vulnerability.
There are other libraries with names similar to these two libraries. Be sure that you are only replacing the above two libraries.