Hi Hassan,
A guide for these log4j vulnerabilities was shared on dspace-community & dspace-tech list back in Dec 2021 (when they were first announced):
There are a few options offered in that thread. Basically, though it's extremely complex to upgrade from log4j v1 to v2 as they are not compatible. I'm not aware of anyone who has done this for DSpace 5.x or 6.x. But, the 7.x set of releases all use log4j v2. So, you might want to consider upgrading to DSpace 7.
Another option is to upgrade to DSpace 6.4 as it switched DSpace 6.x from log4j to reload4j. See
https://github.com/DSpace/DSpace/pull/8144 This was a basic "patch" offered to sites that couldn't upgrade to DSpace 7. I don't know if it's possible to backport to 5.x
Tim