C:\Program Files\Autopsy-4.19.1\autopsy\solr\server\lib\ext\log4j-core-2.13.2.jar
C:\Program Files\Autopsy-4.19.1\autopsy\solr\server\lib\ext\log4j-core-2.13.2.jar
C:\Program Files\Autopsy-4.19.1\autopsy\solr\solr\lib\log4j-core-2.13.2.jar
C:\Program Files\Autopsy-4.19.1\autopsy\solr\solr\lib\log4j-core-2.13.2.jar
Checking in as ACAS is showing Log4j as a vulnerability still for version 4.20.0
File Path is autopsy\solr\server\solr-webapp\webapp\WEB_INF\lib
commons-text.1.6jar
Fixed version is 1.10
Also Open JDK is showing as vulnerable for 4.20.0
states 1.8.0_222
Fixed version is 8u322
These should be mitigated in Autopsy 4.21.0.