<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.17.0</version>
</dependency>I will submit a PR.
False positive on
log4j-api-2.17.0.jar- reported as (pkg:maven/org.apache.logging.log4j/[email protected], cpe:2.3:a:apache:log4j:2.17.0:*:*:*:*:*:*:*) : CVE-2021-44832A false postive declaration per CVE has been added to
log4j-api&log4j-web. We should also exclude CVE-2021-44832.https://github.com/jeremylong/DependencyCheck/blob/36d4307f78741be2b6879280a29a09c25054da90/core/src/main/resources/dependencycheck-base-suppression.xml#L7
I will submit a PR.