When 3T Software Labs became aware of the Log4Shell vulnerability (CVE-2021-44228), we immediately started investigations into any possible exposure to the issue in Studio 3T.
We can confirm, as of 5pm CET 13 December, that the Studio 3T application has no dependencies on Log4J, the package in the Log4Shell vulnerability.
We can also confirm that Robo 3T is not exposed to the vulnerability as it is a C++ application, with no dependency on Java or Java libraries.
We are also ensuring that no tooling or other supporting infrastructure is exposed to the issue and we will continue to monitor the situation.
MongoDB have released their own statement on the CVE-2021-44228 vulnerability and their exposure to the issue.