Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous 

Apache Log4j Java-based logging library are currently being shared online, 

exposing home users and enterprises alike to ongoing remote code execution attacks.

Log4j is developed by the Apache Foundation and is widely used by both 

enterprise apps and cloud services. doesn't use Java nor cPanel Apache Solr plugin. Our shared, reseller and managed SD or managed VPS servers are not affected by this vulnerability.

However, if you have unmanaged dedicated server or VPS with us, we advise you to disable Tomcat Java and Apache Solr plugin via Web Hosting Manager (WHM).

Affected cPanel servers

cPanel servers with Apache Solr (full text search indexing for IMAP);

cPanel servers with Tomcat Java.

cPanel has not released security patch / hotfix yet. You should keep an eye on this thread.