Hi All,
We have been using the Liferay CE 7.2.1 GA2 and Elastic search 6.4.3 in our project.

With persisting  latest effect of log4J Shell Vulnerability issue , we have  been added -Dlog4j2.formatMsgNoLookups=true in JVM options however Apache log4j project saying is not 100% safe by adding this configuration.

Here are my 2 questions to the Liferay community ,Kindly answer or throw some insight on this.

1) How to mitigate Log4j Shell vulnerability issue for LR and Elatci search?

2) how to apply log4J  2.17.0 version in Liferay and elastic search?

https://liferay.dev/blogs/-/blogs/log4j2-vulnerability-fixing-the-jar?_com_liferay_blogs_web_portlet_BlogsPortlet_showFlags=true&scroll=_com_liferay_blogs_web_portlet_BlogsPortlet_discussionContainer