I summarized notes on the Logback CVE-2021-42550 . While significantly less critical, we probably need to consider another round of releases to address and bring in logback 1.2.9.
notes here: https://issues.apache.org/jira/browse/KARAF-7299 <https://issues.apache.org/jira/browse/KARAF-7299> Thoughts?