Document nikita's vulnerability to CVE-2021-44228
CVE-2021-44228 is a very serious bug that may impact nikita. What steps have we taken to identify and mitigate any potential vulnerabilities?
nikita is a Spring application, and Spring themselves say that spring-boot is not a problem unless you have switched away from default logging. See here for that information.
Our initial approach has been to follow what Spring said and upgrade log4j2 to
<log4j2.version>2.15.0</log4j2.version>
A further exploit has been identified and this should be fixed in
<log4j2.version>2.16.0</log4j2.version>
nikita has been updated to this version in 4b004b4b.
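An added check, not part of the nikita code base, for confirming what the `log4j2.version` override actually put into a built Spring Boot archive: it lists the bundled log4j jars, flags any older than 2.16.0, and reports whether log4j-core is bundled at all. The function names and the sample archive are constructed for illustration, and the script assumes the standard `BOOT-INF/lib` or `WEB-INF/lib` layout with plain release version numbers.

```python
import io
import re
import zipfile

MIN_FIXED = (2, 16, 0)  # the version this page says nikita was updated to
# Matches e.g. BOOT-INF/lib/log4j-core-2.15.0.jar (release versions only).
LIB_RE = re.compile(
    r"^(?:BOOT-INF|WEB-INF)/lib/(log4j-[a-z0-9-]+?)-(\d+(?:\.\d+)*)\.jar$"
)


def audit_log4j(jar_bytes):
    """Return (findings, uses_core) for log4j jars bundled in an archive.

    findings is a sorted list of (artifact, version, at_least_2_16_0).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as archive:
        for name in archive.namelist():
            match = LIB_RE.match(name)
            if not match:
                continue
            artifact, version = match.groups()
            parts = tuple(int(p) for p in version.split("."))
            parts += (0,) * (3 - len(parts))  # pad "2.16" to (2, 16, 0)
            findings.append((artifact, version, parts >= MIN_FIXED))
    uses_core = any(artifact == "log4j-core" for artifact, _, _ in findings)
    return sorted(findings), uses_core


def build_sample(lib_names):
    """Constructed sample: an in-memory archive holding empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("BOOT-INF/classes/application.yml", "")
        for lib in lib_names:
            archive.writestr("BOOT-INF/lib/" + lib, b"")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(
        ["log4j-api-2.16.0.jar", "log4j-core-2.15.0.jar", "spring-core-5.3.13.jar"]
    )
    findings, uses_core = audit_log4j(sample)
    for artifact, version, ok in findings:
        print(f"{artifact} {version}: {'ok' if ok else 'older than 2.16.0'}")
    print("log4j-core bundled:", uses_core)
```

To check a real build, pass the bytes of the packaged jar or war to `audit_log4j` in place of the constructed sample.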