Log4Shell is the name assigned to a vulnerability in the Java library Log4J. This has been published as CVE-2021-44228.
It affects any Java program that uses a logging library log4j versions 2.0-beta9 to 2.14.1 inclusive. This is a big deal because it is extremely easy to exploit the vulnerability.
Calpendo does use log4j, but it uses an older version that is not affected by this vulnerability. We will be updating to use the very latest version, but no mitigation is necessary for Calpendo to address the Log4Shell problem.