Comment by DrScientist

Funny you should mention that - amid the general log4j panic the mere presence of old version on disk would send IT security into a frenzy, irrespective of whether the old version was vulnerable or was deployed in a way where the vulnerability could be accessed.

I had to point out it was because we hadn't updated was the reason our stuff wasn't vulnerable.