FYI - I found this statement on the Control4 web site.
LOG4J VULNERABILITY RESPONSE Dear Partner, On Friday, Dec 10, a vulnerability in the “Log4j” Java library was announced (CVE-2021-44228). An initial audit of our systems and applications indicates that the vulnerability is not present in any Snap One mobile application or product. Snap One’s usage of the affected “Log4j” library is limited to internal, backend services. Based on available information, we have no indication that the vulnerability has been exploited within our organization and are confident that there is no impact to customer data. The security of our products is a top priority and critical to our ongoing commitment to foster trust and transparency for our customers. Snap One continues to monitor our systems and applications, as well as information provided by CISA (Cybersecurity and Infrastructure Security Agency), threat intelligence and other vendors for new information, and we will continue to take prompt action as necessary. Snap One Cybersecurity Team