Please confirm if you're planning to bundle an updated log4j library file as part of a patch (if so please provide an ETA) as it seems apparent that the version bundled with iDash and Apache Tomcat/8.5.68 is outdated/unsupported:

$IDASH_HOME/lib/log4j-1.2.13.jar
$IDASH_HOME/lib/lib/log4j-1.2.17.jar
$IDASH_HOME/lib/tomcat8/webapps/idash/WEB-INF/lib/log4j-1.2.17.jar
$IDASH_HOME/lib/tomcat8/webapps/idash/log4j-1.2.17.jar

Release : 12.0

iDash 12.1.02 has the latest log4j libraries.  iDash does not have any exposure to any currently known log4j exploits.