Lately, the critical Apache Log4j vulnerability CVE-2021-44228 in the Apache Log4j library has been announced. (Please consult e.g. https://logging.apache.org/log4j/2.x/security.html for further information.)
We have checked our infrastructure components both manually and with a help of repository scanning tools. We are not aware of any EWC infrastructure component to be exposed.
However, we have not checked or scanned any workloads inside tenancies. Instead, we want to emphasize that tenants are responsible for their workloads, and each EWC tenant needs to check and update their services. You are advised to check your workload. You should be especially careful if you use any java-based web services such as GeoServer.