spring-boot-starter-logging depends on vulnerable log4j version · Issue #28978 · spring-projects/spring-boot · GitHub
GitHub - lunasec-io/spring-rce-vulnerable-app: Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.
Log4J vulnerability: Risks, Mitigation and fixes on Java Spring Boot Applications – MICROIDEATION