As mentioned in AXIS2-6017, there ended up being 5 updates of log4j2 so the
best course of action is not to wait for us but rather patch your own
systems via pom.xml updates.
The hold up so far on 1.8.1 is that there are lots of other recent Jira
issues closed that were also important to our users
Dear Axis2 developers,
latest available Apache Axis2 version on Maven Central is vulnerable to several
known CVEs.
For example the anymore not so recent Log4j CVEs are really, really critical,
because they allow remote code execution (RCE) attacks.
CVE-2021-45105
CVE-2021-45046
CVE-2021-44832
C
