Fix Log4Shell vulnerability (CVE-2021-44228)

CRITICAL SECURITY ISSUE

The project uses Log4j 2.14.1 which is vulnerable to Log4Shell (CVE-2021-44228).

Action Items:

• Update Log4j to version 2.17.1 or later
• Update pom.xml dependencies
• Test application functionality
• Run security scan to verify fix
• Update all environments

Impact: Remote Code Execution (RCE) CVSS Score: 10.0 (Critical)

References:

• https://nvd.nist.gov/vuln/detail/CVE-2021-44228
• https://logging.apache.org/log4j/2.x/security.html