According to its latest Weekly Threat report, the NCSC is aware of a remote code execution vulnerability affecting Apache Log4J 2.
If you are affected by this, the NCSC recommends installing the latest version as soon as possible. You can find out more from the NCSC Weekly Threat report for 10th December, available at https://www.ncsc.gov.uk/report/weekly-threat-report-10th-december-2021