Log4j is a Java library by Apache used to log debug messages within applications. It's recently been featured in news outlets around the world due to a vulnerability (known as Log4Shell) that was discovered allowing remote code execution using a specific string.
Laravel Forge does not install Log4j by default. Furthermore, Forge does not install any applications known to use Log4j.
The vast majority of servers provisioned by Forge will not be vulnerable; however, if you have manually installed applications such as ElasticSearch your server may be affected.
To check if your server is affected, you can use a script such as
Laravel Vapor does not install or use Log4j in both the native or Docker runtimes. However, if you have manually installed libraries, use custom layers, or customize your
Dockerfile, it is possible that Log4j has been installed due to those modifications.
You should check your environment for vulnerability and take action if necessary.