We are using it in:
Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to
remotely execute arbitrary code when combined with
a deserialization gadget when listening to untrusted network
traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
23/3/20 - No fix