[ https://issues.apache.org/jira/browse/LOG4J2-3233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459640#comment-17459640 ]
Gary D. Gregory commented on LOG4J2-3233: ----------------------------------------- I am wondering what you are really using because there are no 1.3 or 1.4 versions. Please verify which jar files you are using and list their names. > Log4j 1.x.xx vulnerability assessment > ------------------------------------- > > Key: LOG4J2-3233 > URL: https://issues.apache.org/jira/browse/LOG4J2-3233 > Project: Log4j 2 > Issue Type: Bug > Components: log4j 1.2 emulation, Log4j-to-SLF4J > Environment: PRODUCTION > Reporter: Ram Subramanian > Priority: Major > > Hi Team, > > We are running legacy decade old applications using log4j 1.2.13 and log4j > 1.2.17 , log4j 1.3.xx and 1.4.xx > > Question: > are the above older log4j 1.xx versions been impacted by the security > vulnerability for log4j2 > > Any help and clarity is much appreciated -- This message was sent by Atlassian Jira (v8.20.1#820001)