A very severe security vulnerability named "Log4shell" was found in Apache Log4j. You can read more about it here:
We are getting a lot of questions from customers who are concerned if Group-Office is affected by this vulnerability.
Luckily, I can say that Group-Office or it's dependencies never used this software. The Debian package of Group-Office uses the Apache webserver but this is different software.
That said, it might be that you've installed other package on the server that uses it. You can check this with this command:
dpkg -l | grep log4
Note: This makes sure the Debian package is not installed. But it doesn't check if it was installed by other means!