On 02-17-2022, fixes and the vulnerability report (CVE-2021-21708) were released. A proof-of-concept exploit based on using PHP to query a database shows that the bug can be used to crash the PHP process, so a working Denial of Service (DoS) attack is already known to be possible.
Versions 8.0 and 7.4 are still supported, and are vulnerable too; if you aren’t using the latest 8.1 flavour of PHP then you need 8.0.16 and 7.4.28 respectively.
All installations of PHP running on Simply Web Services servers have been updated accordingly.