Hi All: I find it hard to track what CVE is associated with what Log4j version and Java version, so I created this table: https://github.com/apache/logging-log4j2/blob/release-2.x/docs/cve-map.md
In general, I'm not a fan of duplicating information like we do on our About page and Security page, I worry that I am missing something unless I read _everything_ and it's harder to maintain too. Gary
