holodeck-b2b / Holodeck-B2B

Holodeck B2B is an AS4 system-to-system messaging solution that implements the OASIS specifications for ebMS3 and its AS4 profile. For more information visit the project website.

Home Page: http://holodeck-b2b.org

Log4J Security Update

precoder opened this issue

Hello,

There is a CVE for Log4J 2.17.0:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

This is also listed on the Log4J main page:
https://logging.apache.org/log4j/2.x/

Do you have any plan for updating this dependency and making a new release?
I think most people are not using any JDBC Appender, but static security scanners can be very annoying.

Dependencies will be updated with the next release, which we do not have a date for yet.
It appears, however, that the issue in Log4J is in a part that we do not use in Holodeck B2B.
If you want to update Log4J sooner, you can do so by following the procedure described in the weblog on the project website.
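
An added example, not part of the thread and not Holodeck B2B code: the issue names the JDBC Appender and the reply says the affected part of Log4J is not used, so one way to check that against a deployment's own Log4j 2 XML configuration is to list every JDBC appender and its data source. The sample configuration, the appender names and the rule that a `jndiName` outside the `java:` namespace needs review are assumptions of this example; it covers XML configurations only.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from Holodeck B2B).
SAMPLE_CONFIG = """<Configuration status="warn">
  <Appenders>
    <Console name="stdout"><PatternLayout pattern="%d %m%n"/></Console>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="example-scheme://db.example.invalid/ds"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <Appender type="JDBC" name="localDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
    </Appender>
  </Appenders>
</Configuration>
"""


def _local(tag):
    """Strip an XML namespace and lower-case the element name."""
    return tag.rsplit("}", 1)[-1].lower()


def find_jdbc_appenders(config_xml):
    """Return one finding per JDBC appender: (name, jndi_name, needs_review)."""
    root = ET.fromstring(config_xml)
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        # Concise form <JDBC ...> or strict form <Appender type="JDBC" ...>.
        is_jdbc = tag == "jdbc" or (
            tag == "appender" and elem.get("type", "").lower() == "jdbc")
        if not is_jdbc:
            continue
        jndi = None
        for child in elem:
            if _local(child.tag) == "datasource":
                jndi = child.get("jndiName")
        # Assumption: a JNDI name outside the local java: namespace needs review.
        review = jndi is not None and not jndi.strip().lower().startswith("java:")
        findings.append((elem.get("name"), jndi, review))
    return findings


if __name__ == "__main__":
    for name, jndi, review in find_jdbc_appenders(SAMPLE_CONFIG):
        print(f"{name}: jndiName={jndi} review={review}")
```

An empty result means the configuration defines no JDBC appender, which is the situation the reply describes; a static scanner that flags the library version alone cannot tell the difference.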