QuoteA zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).
This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page.
https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
This may well have repercussions for anyone running Sphinx, Elasticsearch or anything else that comes bundled with Apache Log4j 2.