Another log4j version was released and we need to update to 2.17.1 https://logging.apache.org/log4j/2.x/security.html Related to the ongoing incident detailed in this blog post https://about.gitlab.com/blog/2021/12/15/updates-and-actions-to-address-logj-in-gitlab/ ### Update: - Library completely removed from `pmd-apex` analyzer https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex/-/merge_requests/75 - Library updated in `spotbugs` analyzer https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs/-/merge_requests/121 - Library completely removed from `license-finder` analyzer https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/merge_requests/79 - Library updated in `gemnasium-maven` analyzer https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/merge_requests/152 The work has been completed.