OpenRefine has very recently released a 3.5.1 version due to the recent log4j vulnerabilities. It's probably a good idea to upgrade our OpenRefine instance on PAWS as well.
(According to discussion on the OpenRefine mailing list, OpenRefine 3.5.0, which is the current version on PAWS, shipped with log4j 1.2.16, which was allegedly not affected by the vulnerability?)