Does REW use log4j when writing log files? If so, it is a serious security vulnerability that is being actively exploited.