id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
21657	[PATCH] Update log4j to 2.15.0 (CVE-2021-44228)	taylor.smock	team	"This fixes CVE-2021-44228 by default.

In addition there are some other enhancements, but it does claim to be binary compatible with previous releases.

log4j is used directly or indirectly by the following plugins:
* areaselector
* routing
* ImportImagePlugin
* kendzi3d

AFAIK, none of those have remote control capabilities, so the CVE ''shouldn't'' affect JOSM."	defect	closed	normal		Plugin		fixed	log4j cve