@Ceki Gülcü An attacker who meets the requirement of being able to edit the logger's configuration file could perform RCE without using JNDI. Even FileAppender can be used for RCE. (Of course, it's easier to send Xxx.class, but it's not required.) I argued against creating CVE-2021-42550, like several security experts. An attacker who can edit the configuration file can do RCE without this CVE. Of course, I DON'T think you need to change the SocketAppender either.