This vulnerability affects the
cpanel-dovecot-solr RPM that is provided by The install_dovecot_fts Script.
No other cPanel-provided packages are affected by this vulnerability and if
cpanel-dovecot-solr is not installed there are no further steps needed.
cPanels internal development team is to investigate this further.
The only service provided by the cPanel software bundle that uses the logging utility Log4j is
cpanel-dovecot-solr. If you do not have this installed, then your server is secure. Any new installations of Dovecot_FTS will include the patched RPM by default. You can check if this RPM is installed with the following command.