HikariCP

Fix log4j CVE-2021-44228

Open wcc526 opened this issue 3 years ago • 5 comments

Fix Apache log4j Vulnerability CVE-2021-44228

Dec 14 '21 03:12 wcc526

Codecov Report

Merging #1887 (43f74fb) into dev (ed2da5f) will decrease coverage by 0.09%. The diff coverage is n/a.


@@             Coverage Diff              @@
##                dev    #1887      +/-   ##
============================================
- Coverage     70.75%   70.65%   -0.10%     
+ Complexity      575      574       -1     
============================================
  Files            26       26              
  Lines          2171     2171              
  Branches        311      311              
============================================
- Hits           1536     1534       -2     
- Misses          484      485       +1     
- Partials        151      152       +1     
| Impacted Files | Coverage Δ |
| --- | --- |
| ...ain/java/com/zaxxer/hikari/util/ConcurrentBag.java | 73.40% <0.00%> (-2.13%) :arrow_down: |


Dec 14 '21 03:12 codecov[bot]

Suggest you update to 2.16.0 to address more of the exploit conditions.

Dec 18 '21 03:12 larrydiamond

done fix 2.16.0

Dec 20 '21 01:12 wcc526

Oh, you're going to be upset. Since I posted the recommendation to go to 2.16.0, log4j found another vulnerability and created a 2.17.0.

https://logging.apache.org/log4j/2.x/security.html CVE-2021-45105

Sorry, I suggest 2.17.0 to clear this new one. Sorry.

Dec 20 '21 03:12 larrydiamond

dev branch currently has <log4j.version>[2.17.1,)</log4j.version>. I think this pull request can be closed.

Mar 23 '22 13:03 kdebski85
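
An added example, not part of the thread or of HikariCP's code: a small checker that evaluates a single Maven version interval such as the `[2.17.1,)` quoted above against the log4j versions discussed in this thread. It assumes purely numeric dotted versions (real Maven ordering also handles qualifiers such as `-beta1`), and the function names and candidate list are constructed for illustration.

```python
import re

def parse_version(text):
    """Parse a purely numeric dotted version ('2.17.1') into a comparable tuple."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version syntax: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 2.17 and 2.17.0 compare equal
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    """Parse one interval, e.g. '[2.17.1,)', into (low, low_incl, high, high_incl)."""
    m = re.fullmatch(r"([\[(])\s*([\d.]*)\s*(?:,\s*([\d.]*)\s*)?([\])])", spec.strip())
    if not m:
        raise ValueError(f"not a single version interval: {spec!r}")
    open_b, low, high, close_b = m.groups()
    if high is None:  # no comma: '[2.17.1]' pins exactly one version
        if (open_b, close_b) != ("[", "]") or not low:
            raise ValueError(f"malformed pinned version: {spec!r}")
        pinned = parse_version(low)
        return pinned, True, pinned, True
    return (parse_version(low) if low else None, open_b == "[",
            parse_version(high) if high else None, close_b == "]")

def satisfies(version, spec):
    """Return True if `version` falls inside the interval `spec`."""
    low, low_incl, high, high_incl = parse_range(spec)
    v = parse_version(version)
    if low is not None and (v < low or (v == low and not low_incl)):
        return False
    if high is not None and (v > high or (v == high and not high_incl)):
        return False
    return True

def audit(versions, spec):
    """Map each candidate version to whether the range would accept it."""
    return {v: satisfies(v, spec) for v in versions}

# Constructed sample input: the range quoted in the thread plus candidate versions.
RANGE = "[2.17.1,)"
CANDIDATES = ["2.16.0", "2.17.0", "2.17.1", "2.18.0"]

if __name__ == "__main__":
    for version, ok in audit(CANDIDATES, RANGE).items():
        print(f"{version:8} {'accepted' if ok else 'rejected'} by {RANGE}")
```

Because the interval has no upper bound, it rejects both versions suggested earlier in the thread but also accepts any later release, so the resolved version can change between builds.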