The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete for more details have a look at https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Comment From: scottfrederick
Thanks for the PR, but as mentioned in the pull request template we have a semi-automated process for dependency upgrades that we prefer to use.