Update (2021-12-14)
As stated above, log4j 1.2.15 and 1.2.17 were used in earlier versions of our product releases. As per this statement there is a potential issue when embedding earlier i-net Clear Reports or i-net PDFC releases in custom products while using a JMS Adapter implementation.
This issue can be mitigated by updating to versions newer or equal 20.10 of respective products since no log4j is present in them anymore.
Please note that replacing the embedded log4j 1.x with a more recent log4j 2.15.0 or newer is not possible due to API incompatibilities.