The Apache community informed us that a vulnerability has been found in the famous library Log4J. Please have a look here. We inform our users that OpenESB is not using LOG4J except for the distributed cache Geode Driver. If you use that plugin, please contact us ASAP.