
Log4j vulnerability update (CVE-2021-44228)

Blog post from Vespa

Author: Andreas Eriksen
Word Count: 233
Language: English
Summary

Vespa, an AI platform, addressed the Log4j vulnerability (CVE-2021-44228) by confirming that no published Vespa versions were affected, as they do not include vulnerable Log4j versions or the JMSAppender class. However, they cautioned that applications using Vespa might still be vulnerable if Log4j is included in their application package. To mitigate this, Vespa suggested using a Maven command to identify Log4j dependencies. Subsequently, Vespa released version 7.520.3, which completely removed Log4j. Starting from version 7.528.38, Vespa also enforced a policy on Vespa Cloud to ensure user applications do not contain Log4j dependencies older than version 2.17.1.