Zhenxiao Luo

yep, I think we need log4j version bump to 2.17

nice, @v-jizhang how about we squash the 2 commits into 1?

shall we upgrade to log4j 2.17? seems 2.16 is also vulnerable

hi @v-jizhang could you please resolved the conflict?

looks good. @v-jizhang could you please take a look at the 2 failing tests?

nice. thank you, @v-jizhang could you please merge the last commit into previous ones? I plan to merge this PR after the change

yep, let's try fix the testcase. Then we could merge :)