WorldServer versions 11.0.0 and WS 11.0.1, although they are using log4j 1.x, they also contain log4j 2.2 as a transitive dependency.
In order to mitigate this issue for log4j 2.2, we need to remove the JndiLookup.class from within log4j-core-2.2.jar\org\apache\logging\log4j\core\lookup\
Attached to this article, you will find a jar file with the class removed. You can either use it, or just make a copy with it removed by yourself.
You will need it to replace the existing one in the following locations:
Optional (recommended) is to also replace it within the war files (can be done with 7zip for example):
Important: WorldServer (Idiom Service) should be restarted after this change.
On a multi-server environment, the change and restart must be deployed on each Application Server
on which WorldServer is deployed.Note: this issue will be permanently solved in the upcoming WorldServer 11.7.2. version.