Comment From: ncabanis
The Log4j2 version 2.13.1 contains a fix for a major bug: https://issues.apache.org/jira/browse/LOG4J2-2652
This is worth of integrating into the 2.2.x line as well, as this is breaking code updating from Spring-Boot 2.1.x to 2.2.x.
Comment From: snicoll
Sorry, we don't upgrade to a new feature release of a dependency in a maintenance release of Spring Boot. You can override the Log4J version using the log4j2.version property, check the documentation for the build system you're using.
Comment From: ncabanis
I can understand that. The mistake then is that Log4j2 did not provide a fix in their 2.12.x line.
Comment From: snicoll
@ncabanis there's nothing we can do about that. You may want to ask them to backport the fix.