is there a hotfix for log4j security issue?

We keep seeing emails that there is a HOTFIX for Log4j Security Issue.  If so, do we have to request the hotfix?