Quote from Sophos:
On December 9, a severe remote code vulnerability was revealed in Apache’s Log4J , a very common logging system used by developers of web and server applications based on Java and other programming languages. The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous—and the latest updates for those server applications urgent.
Sophos has completed an investigation to determine whether Sophos products are impacted. Please review the Security Advisory for status of your products.
Is this effecting the current i-MSCP version as well?