Hi,
For those who are wondering whether the vulnerability issue
CVE-2021-44228 affects OBiBa applications, the answer is
no because logback has been used in place of log4j since 2013.
If there are still log4j libs that appear in the distributed packages (mica, agate, rock), these are coming from third party dependencies and are not being used. These dependencies have now been explicitly removed from the packaging process for clarity; future releases of rock, mica and agate will integrate this patch.
Regards
Yannick