NCSC-NL / log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Automate Anywhere's bots use Log4J2

jessevoet opened this issue

At the moment we don't have enough information about the vulnerability status of the software you mentioned. Do you perhaps have a link to a vendor statement?

I have had contact with the vendor - not vulnerable. I tried to do a pull request, but I don't understand: it asks me to compare folders and then I get error messages. Vendor answer:

Please review the following information below and let me know if there are any questions. While the on-prem deployments are not impacted by the remote code execution, you can apply the current remediation steps noted in the KB link below.

Regarding the security vulnerability uncovered in Apache Log4j2 Java library and our assessment of its impact on Automation 360 deployments: Our analysis of this vulnerability indicates that Automation 360 Cloud (Community Edition, Sandbox, Enterprise Edition, Free Trial), on-prem deployments and our bot agents are not susceptible to this remote exploit.

Out of an abundance of caution against vulnerability variants, we are taking further steps:

- For Automation 360 Cloud customers, we are actively rolling out patches to our cloud infrastructure to further disable the vulnerable feature of log4j. An updated bot agent will be delivered as a part of those patches. We are requesting that they subscribe to the Automation 360 Cloud Status page for updates on the patch rollout, but no additional action will be required from them at this time.
- For Automation 360 on-prem customers and partners, we are recommending a configuration change and a restart, as detailed in this KB article.

For 11.x customers, there is another KB article published with details. Customers with v11.3.x releases are not susceptible; earlier ones have to take the actions outlined.

Due to the additional work on .22 above, there will be a short delay in the timing of the on-prem v.23 release, now available during the week of December 13, 2021. There is no change to the planned roll-out of Automation 360 Cloud v.23, starting the week of January 5, 2022.