The search appliance is not affected by the log4j vulnerability CVE-2021-44228 (log4shell) that allows arbitrary code execution using jndi and ldap. No update is needed.
Log4j vulnerability
Re: Log4j vulnerability
The search appliance is also not affected by the 2nd log4j vulnerability, CVE-2021-45046.
Re: Log4j vulnerability
One more for the list. Thunderstone products are not vulnerable to CVE-2021-45105, uncontrolled recursion. No version of Thunderstone products are vulnerable to these as they don't use log4j2.