Apache Log4j Security Vulnerabilities


We are currently using Workfusion IA version 9.4.0.
Regarding recent Log4J vulnerabilities, I found the below security advisory in KB:

I did a global search in our Windows server where RPA is installed, all versions of Log4J related jars are 1.XX.

As per the below apache notice, Log4j 1.x is not impacted by this vulnerability.

Can you let me know if version 9.4.0 really needs any patching (remove JNDI lookup) as suggested in the KB?