VMware has released new a critical security advisory, VMSA-2021-0028. This advisory is for multiple VMware products that use the popular open-source log4j Java logging component, which was discovered to have a critical vulnerability in it (CVE-2021-44228)

This needs your immediate attention, not just at the VMware product level, but also for all other software in your environment. The log4j component is used by many vendors and software packages. For more information about the VMware products please visit https://www.vmware.com/security/advisories/VMSA-2021-0028.html

For Horizon DaaS 9.0.x and Horizon DaaS 9.1.x. a workaround is provided in the form of a hotfix. The hotfix should be applied to remediate the CVE-2021-44228.