We have org.apache.commons.logging_1.2.jar deployed with some of our apps (as its bundled with POI library) and want to confirm if this is impacted by CVE-2021-44228. It looks like logging_1.2 has a class called Log4JLogger.class and would like to confirm if this has the same vulnerability that has been identified with Log4j (https://www.oracle.com/security-alerts/alert-cve-2021-44228.html).
Thanks. NOTICE: This message, including all attachments transmitted with it, is intended solely for the use of the Addressee(s) and may contain information that is PRIVILEGED, CONFIDENTIAL, and/or EXEMPT FROM DISCLOSURE under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein is STRICTLY PROHIBITED. If you received this communication in error, please destroy all copies of the message, whether in electronic or hard copy format, as well as attachments and immediately contact the sender by replying to this email or contact the sender at the telephone numbers listed above. Thank you!
