Good find Ctek!
We've also raised this issue at Microsoft, someone also made a ticket for it.
https://docs.microsoft.com/en-us/answer ... cerns.html
Luckely (kind of...) this is an older version (1.2), which is NOT affected by this specific log4jshell exploit. It DOES however stem from 2010 or something, is NOT supported anymore and does also contain another CRITICAL with a 9.8 score... And that was in MS SQL for years! Talk about holes...
All software and libraries with a change date older that 2 years should be (re-)evaluated in my opinion. And I do mean every. single. file.