java security log4j transitive-dependency mobicents-sip-servlets

Are there any ways to fix Log4j vulnerability when it is being used as a transitive dependency

My project has a transitive dependency on log4j v1.2.16 through org.mobicents.servlet.sip package used in my project as a direct dependency.

But org.mobicents.servlet.sip is no longer actively developed.

Are there any options to fix this vulnerability other than waiting for org.mobicents.servlet.sip to fix the issue.

Solution

The final solution was to explode the log4j-1.2.17.jar, remove the affected classes SocketServer.class and JMSAppender.class, create a custom jar and use it.

Commands used to explode and create new jar was taken from below stackoverflow answer

Reference: https://stackoverflow.com/a/16806235/8864570

Start and end date of a current month
How to mock just one static method in a class using Mockito?
ant file build failed due to below errors
How to make smooth circle texture?
How can I do a post-order traversal of a tree, when the only function I have is getChildren()?
What is the variance of java .class files across different compilers, versions, dependencies?
IntelliJ web service and Java client IllegalArgumentException TestWebService is not an interface
The Java Compiler API does not work I keep getting unable to resolve class javax.tools.JavaCompilerTool and other similar ones
Compiling multiple packages using the command line in Java
Java Calendar - Date is unpredictable after setting day_of_week
"The left hand side of an assignment must be a variable" due to extra parentheses
Odd compiler error on if-clause without braces
Problem in upcasting in Java?
How to set a SpannableString to an EditText in an Android Material TextInputLayout?
Android @Override issues
How to ‘partly compile’ Java in Eclipse?
Dates with no time or timezone component in Java/MySQL
Compilation error while compiling class within another
How to debug .class files in ECLIPSE?
Java generics: What is the compiler's issue here? ("no unique maximal instance")
How can I convert a List<int[]> to a 2D array?
Spring Cloud Gateway doesn't work with DiscoveryClientRouteDefinitionLocator
Dynamic spring data jpa repository query with arbitrary AND clauses
How to compile Java program with .jar library
SunCertPathBuilderException when upgrading to Spring Boot 3.2
Write to single cell in OPENcsv Java
Try catch and user input
Access jdk.unsupported from JUnit doesn't need module require
Create and install de-lomboked source jar in maven
Why Does My Java Code to find multiple occurrences in of a Sting in another String not work?