SAS has stated to check the note https://support.sas.com/kb/68/756.html for anticipated date of hotfix release which doesn't provide any information about the release date. We are currently on SAS 9.4 M7 release and we had followed instructions provided by SAS to patch the vulnerable version. Our security scan check for version of log4j and report as noncompliant. To prevent this, we would like log4j to be updated to latest version, does anyone aware of the when this hot fix will be made available?