I’m assuming that you are referring to the really recent Log4J vulnerability, CVE-2021-44228. And yes it’s a nasty one! Yep. Bunch of friends know I run personal servers so I’ve been inundated with messages about it. On the plus side though, there are 2 things working in favour of TurnKey users. Firstly, it’s not installed by default in any of the TurnKey appliances. So unless you’ve …

https://www.turnkeylinux.org/forum/support/sat-20211211-1411/log4j2-vulnerability