On December 9th, 2021, a zero-day vulnerability (identified as CVE-2021-44228) was publicly reported for the commonly used Apache Log4j library. This vulnerability is simple to exploit, and it allows for remote-code execution by an attacker. After an investigation, Herbert-ABS has determined that none of our products are affected by this vulnerability. No products sold by Herbert-ABS rely on the Java programming language, so they can neither leverage this library nor be affected by its vulnerabilities. Our downloads website, which is powered by the Drupal DXP, also does not use any Java-based components. Herbert-ABS does have some internal tools that rely on Java, but these tools have been determined by their manufacturers to be safe from attack by malicious third-parties via this exploit.