FNP is not vulnerable to log4j vulnerability (CVE-2021-45046), however, In FNP, log4j is packaged with an example runalerter script under the lmadmin kit.

Example script runalerter showcases sending the mails to a targeted audience in case of any alert on lmadmin side. log 4j is not tightly coupled with lmadmin. It is optional and independent of lmadmin.

The jar files are just part of the example section. The activity of upgrading the log4j to the latest version can be also be performed by the customer if required.

Note: All the vulnerable FNP versions (11.17.1) onwards have been pulled out of PLC.

Update: 16/Dec/2021:
Log4j version has been upgraded to 2.16.0 and an updated version of FNP 11.18.3.1 is now available in the Product and License Center.

Update: 24/Dec/2021:
Log4j version has been upgraded to 2.17.0 and an updated version of FNP 11.18.3.1 is now available in the Product and License Center.

Check CVE-2021-44228: Log4j vulnerability impact on FlexNet Publisher for more information about CVE-2021-44228