FreeRADIUS is NOT affected by the log4j issues
FreeRADIUS is not affected by the log4j issues.
However, RADIUS servers will try to authenticate any user who tries to
connect. And the User-Name field is under complete control of an
attacker. If any of the RADIUS logs go through a system which uses
log4j, then your site is likely vulnerable.
We do not recommend changing the RADIUS server configuration in order to try to “work around” the log4j issue. The best solution is to fix the underlying problem.