Hello,

There has been a log4j2 vulnerability made public, https://www.randori.com/blog/cve-2021-44228/, which is making some waves :)

This post even explicitly mentions Apache Flink: https://securityonline.info/apache-log4j2-remote-code-execution-vulnerability-alert/

And fortunately, I saw this was already on your radar: https://issues.apache.org/jira/browse/FLINK-25240

What would the advice be for Flink users? Do you expect to push a minor to fix this? Or is it advisable to upgrade to the latest log4j2 version manually for now?

Thanks for any advice!