Wondering if anybody had apache-log4j-obsolete-version identified in their environment following updates last week. Seems a little odd a 7-year-old fingerprint is just NOW showing-up in our environment. I have not yet validated it is NOT a false-positive…

We have seen the same and have verified that in our case it indeed is a true-positive.

Thanks! Yep, I validated this as well yesterday.