Log4j has 2 versions. One is Log4j 1.2.X and another one is 2.XX which is known as Log4j2. The vulnerability that was found was in Log4j2 rather than in Log4j 1.2.X versions. So users who are using are Log4j versions (Log4j Core) are affected by this vulnerability. So any projects that are using Log4j version 2.x should upgrade to 2.16.0 immediately
Version 2.16.0 can be found here – https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core
Use the latest version of Log4j rather than any other versions