Hi, log4j was updated here <https://github.com/apache/xmlbeans/commit/8d25c62ef2866ee00eb7194dc0c464639a92b5af> but there is no released version with the change yet. What's the ETA for the release with that change? Some projects have completely banned version 2.24.x artifacts of log4j due to the vulnerability. Given how Maven works, if you depend on xmlbeans and manage the log4j version to 2.25.x, the log4j-api 2.24 POM and JAR are downloaded.
- Missing release with updated log4j Rodrigo Bourbon via dev
- Re: Missing release with updated log4j PJ Fanning
