Log4j2 vulnerability status
At present, it does not appear that any of the Java programs distributed with BIRCH presents vulnerabilities due to the log4j2 exploit. We have confidence in this assertion for several reasons:

• Log4j2 applies only to Java applications
• A scan of all Java applications, including source code and .jar files was done to identify potentially vulnerable applications.
  
• Some older applications use versions of  log4j that are not susceptible to this exploit.
  
• None of these applications acts as a web or peer-to-peer server
• All BIRCH applications run with user permissions only. None uses admin permissions.
  

Out of an abundance of caution, further investigation into this potential problem are ongoing.This message will be updated accordingly.

We will take this opportunity to remind all BIRCH users that your best defenses against potential security threats are to

•  run system updates on a routine basis
•  back up your files offsite (eg. to the cloud or network-attached storage)
• change your passwords frequently.