Plans for Log4j 2.17.1?

Hi Metabase Team!

I would kindly ask for an update on the plans for upgrading Log4j to 2.17.1.

Since the two critical issues that were fixed, a few more have showed up ( that are still open in the Log4j version we have.

Now I know that these are non-critical issues, but our customers' eyes are simply on this topic and a non-resolved Log4j issue is a red flag for many security teams. However far-fetched the issue scenarios are, we are simply forced to shut down Metabase at customers left and right. It would be a tremendous help if we could get a version with 2.17.1. FYI: we we are using 0.41.5 atm.


Hi @FWalder
It will be updated in upcoming 0.41.6 which will be released in January.

Thanks mate, I appreciate the quick response!