CVE-2020-9488: log4j 2.11.0

Shadow bundles log4j 2.11.0 which is has a known security vulnerability. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9488. It would be great if you can possibly update the version of log4j in use.

### Shadow Version
5.2.0 & 6.0.0

### Gradle Version
All 

### Actual Behavior

![image](https://user-images.githubusercontent.com/907624/87913307-2807c580-ca6f-11ea-87cf-da8f7d57e7ee.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2020-9488: log4j 2.11.0 #589

Shadow Version

Gradle Version

Actual Behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CVE-2020-9488: log4j 2.11.0 #589

Description

Shadow Version

Gradle Version

Actual Behavior

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions