fox-it/log4j-finder

Not working for log4j-1.x where JMSAppender.class exists

prsng opened this issue · 1 comments

prsng commented

We are using logpresso scanner and it seems to be flagging a lot more files with potential vulnerability after log4j 1.x was added to the CVEs.
log4j-finder is however skipping those files entirely and not flagging anything.

I am curious as to which one is reliable and why is it that log4j-finder thinks that this one is not potentially vulnerable.

Attaching a file for reference: log4j.jar.zip

This tool was mainly developed to catch vulnerable log4j 2.x versions. There is a ticket to add log4j 1.x support, see #14.

The next version will probably also have support for this and for other corner cases.
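To show where the two scanners' results can diverge, here is an added example (not log4j-finder's own code) that reports both the log4j 1.x `JMSAppender` class named above and the log4j 2.x `JndiLookup` class, and descends into nested archives such as a jar inside a war. The `JndiLookup` class path and the in-memory sample archive builder are assumptions made for this illustration; a hit only means the class is present, not that the deployment is exploitable.

```python
import io
import zipfile

# Marker class files. JMSAppender is the log4j 1.x class named in the issue;
# JndiLookup is the log4j 2.x class that log4j-finder reports on (assumed path).
LOG4J1_MARKER = "org/apache/log4j/net/JMSAppender.class"
LOG4J2_MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def scan_archive(data: bytes, name: str = "<archive>") -> list:
    """Return (location, family) for each marker class in `data`; nested
    archives (a jar inside a war) are descended into recursively."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container, nothing to inspect
    with zf:
        for member in zf.namelist():
            if member.endswith(LOG4J1_MARKER):
                findings.append((f"{name}:{member}", "log4j-1.x"))
            elif member.endswith(LOG4J2_MARKER):
                findings.append((f"{name}:{member}", "log4j-2.x"))
            elif member.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(zf.read(member), f"{name}:{member}"))
    return findings


def build_sample(log4j1: bool, log4j2: bool, nest_in_war: bool = False) -> bytes:
    """Construct an in-memory sample archive (test data, not a real log4j build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if log4j1:
            zf.writestr(LOG4J1_MARKER, b"\xca\xfe\xba\xbe")  # class-file magic only
        if log4j2:
            zf.writestr(LOG4J2_MARKER, b"\xca\xfe\xba\xbe")
    if not nest_in_war:
        return buf.getvalue()
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as outer:
        outer.writestr("WEB-INF/lib/log4j.jar", buf.getvalue())
    return war.getvalue()


if __name__ == "__main__":
    print(scan_archive(build_sample(log4j1=True, log4j2=False, nest_in_war=True), "app.war"))
```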