Jaspersoft log4j vulnerabilities

Article ID: 428066


Products

Clarity PPM On Premise

Issue/Introduction

We have the following log4j vulnerabilities (CVE-2025-68161) in Jaspersoft 8.1. Can you tell me if there is any hot fix/procedure for this?

Resolution

From Tibco (Jaspersoft)

"In the default configuration we're not vulnerable to this CVE. We do not use the Web socket appender out of the box, and you need to go out of your way to specifically configure it. This is usually done when you redirect log4j2 output into some kind of a web-based log scraper.

That said, we're working on a patch that will update log4j2 to a non-vulnerable version so the scanners do not warn about it."
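
A configuration check for the condition the vendor describes, as an added example that is not Tibco's or Broadcom's code: it lists appenders declared with the Log4j2 `Socket` plugin type in a properties or XML configuration, so an empty result matches the "default configuration" case. It assumes the appender meant in the statement above is the `Socket` type; the sample configurations, appender names and host name are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the appender in the vendor statement is the Log4j2 "Socket" plugin type.
SOCKET_TYPE = "socket"

# Constructed sample: a properties config that adds a socket appender.
SAMPLE_PROPERTIES = """
# constructed sample, not a shipped Jaspersoft file
appender.console.type = Console
appender.console.name = stdout
appender.remote.type = Socket
appender.remote.name = logscraper
appender.remote.host = logs.example.internal
appender.remote.port = 6514
rootLogger.appenderRef.remote.ref = logscraper
"""

# Constructed sample: the same idea in XML form.
SAMPLE_XML = """
<Configuration>
  <Appenders>
    <Console name="stdout"/>
    <Socket name="remote" host="logs.example.internal" port="6514"/>
  </Appenders>
</Configuration>
"""

def socket_appenders_in_properties(text):
    """Names of appenders whose appender.<id>.type is Socket."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    found = []
    for key, value in props.items():
        parts = key.split(".")
        if (len(parts) == 3 and parts[0] == "appender"
                and parts[2] == "type" and value.lower() == SOCKET_TYPE):
            found.append(props.get(f"appender.{parts[1]}.name", parts[1]))
    return sorted(found)

def socket_appenders_in_xml(text):
    """Names of <Socket> or type="Socket" elements under <Appenders>."""
    found = []
    for node in ET.fromstring(text.strip()).iter():
        if node.tag.lower() != "appenders":
            continue
        for el in node.iter():
            if el is not node and SOCKET_TYPE in (el.tag.lower(), el.get("type", "").lower()):
                found.append(el.get("name", "<unnamed>"))
    return sorted(found)
```

Run the matching function over the contents of each Log4j2 configuration file the deployment actually loads; any name returned is an appender to review until the patched log4j2 version is in place.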