A remote code execution (RCE) vulnerability affecting Log4j was published on Dec. 10th:
The Log4j component is not used in Teach on Mars' production environment. Therefore, customers' data is not affected by this vulnerability.
The Log4j component is used in internal tools, Confluence and Jira, published by Atlassian. According to their documentation, these software are only vulnerable in case the JMS Appender functionality is enabled. Teach on Mars did not enable the JMS Appender functionality.