Oracle Database 12c (12.1) and Log4j

After updated definitions we are receiving notifications about the Log4j vulnerabilities with our Oracle 12c deployments.


This vulnerable log4j jar file is installed in all the Oracle Home dirs, e.g.:

$ORACLE_HOME/md/jlib/log4j-core-2.9.1.jar

Can this jar file be upgraded/updated as a standalone and if so does anyone have the process they can share please?

If not, how would one mitigate the vulnerability CVE-2021-44228 in Oracle 12c RDBMS?

Thank you.