NB this project does not use Log4J2 (but v1.2.17). So CVE-2021-44228 does not apply!
Still it does not harm to include the Log4J 1.2 patch for CVE-2019-17571 provided by GeoServer:
See http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html
NB this project does not use Log4J2 (but v1.2.17). So CVE-2021-44228 does not apply!
Still it does not harm to include the Log4J 1.2 patch for CVE-2019-17571 provided by GeoServer:
See http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html