This article explains the impact of Log4Shell/CVE-2021-44228 on the Bevy platform
Our security team has investigated this issue and confirmed that Bevy is not vulnerable to log4j CVE-2021-44228 (also known as Log4Shell).
Please open a ticket for Support should you need additional information.