The post has been partially updated to log4j2 [0] (the import is still log4j1, but I imagine this will be updated soon [1]).
And yes, I'm actually not sure log4j1 is vulnerable. I assumed it was because the sample code in the post was using log4j1, though the description only explicitly mentions log4j2.
And yes, I'm actually not sure log4j1 is vulnerable. I assumed it was because the sample code in the post was using log4j1, though the description only explicitly mentions log4j2.
[0]: https://github.com/lunasec-io/lunasec/pull/270
[1]: https://github.com/lunasec-io/lunasec/pull/277