Hello all,
Following the recent discovery of the log4shell exploit, I have been looking at our in-house OBA instances we use for testing as well as a couple of our own applications that make use of your org.onebusaway.gtfs module. I found that they do depend on the log4j library and therefore could be vulnerable.
Are there any way to update the log4j version used to version 2.15.0 containing the patch?