Our security team has reported they found log4j 2.17 files found in AutoSys 12.1.

The documentation claims AutoSys 12.1 should have shipped with log4j 2.18.

Release : 12.1

For AutoSys, if you are at 12.1 then the files in place should already be at 2.18 log4j
but we have noticed that mistakenly the wrong version of some files were included in the 12.1 media.
They should have been 2.18 but instead they were 2.17
.
Our development team has stated that the file(s) can be replaced with the 2.18 version without issue.

log4j-api.jar and log4j-core.jar in 

$AUTOSYS/lib/
and
$AUTOUSER/webserver/webapps/AEWS/WEB-INF/lib/

are 2.17 and should have been 2.18.
Please replace them with copies of the two files from 
$AUTOROOT/SystemAgent/WA_AGENT/jars/ext
where their versions are 2.18