Log4j - Older app on Windows server using JRE 1.8.0.x - is it impacted?

I can't find any info on whether specific versions of JRE are impacted? The app on my Windows Server 2012 uses JRE 1.8.0.x (1.8.0_91) but not sure if if uses Log4j logging service. Can anyone help clarify because oddly, I can't find anyone explaining this. Thanks much!!


Solution 1:

The JRE version is not really relevant. The security issue is not in the JRE, it's in a third party library that is used by Java applications. The library is not shipped with the JRE, it's shipped with the application. You need to check the version and the release notes and security notices of your application, not the JRE.