@markd Why are you posting a screenshot of the topic Urgent Security Upgrade for Metabase here, instead of asking the question there?
If you're using 33, then there are several other vulnerabilities, so you should upgrade.
But anything below x.37.0 uses Log4jv1, so while they are not directly known to be exploitable, there are other known vulnerabilities in Log4jv1, which will not be addressed, since it's out-of-date.
In other words; Upgrade if you are using a release older than December 10th 2021.