Hi Metabase Team!
I would kindly ask for an update on the plans for upgrading Log4j to 2.17.1.
Since the two critical issues that were fixed, a few more have showed up (https://logging.apache.org/log4j/2.x/security.html) that are still open in the Log4j version we have.
Now I know that these are non-critical issues, but our customers' eyes are simply on this topic and a non-resolved Log4j issue is a red flag for many security teams. However far-fetched the issue scenarios are, we are simply forced to shut down Metabase at customers left and right. It would be a tremendous help if we could get a version with 2.17.1. FYI: we we are using 0.41.5 atm.
Thanks!