In scanning my network with https://github.com/Qualys/log4jscanwin I found that all versions of the Lacerte tax planning (not the main program but the planning) software include Log4.jar software.  The newest tax planning software program has version 1.2.17 

VU#930724 - Apache Log4j allows insecure JNDI lookups (cert.org)

What is Lacerte's plans to first notify us that we do have this on our networks and then to update the supported software to remove the vulnerable code from this software?