Revion is not using Log4j2 tool for apache-tomcat, we are using default lightweight API – Java logging API — java.util.logging. Additionally, we are not exposing apache-tomcat service to the Internet directly. These services are behind either Apache or Nginx. Therefore , we are not exposed to
Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)