The lib supplied with the latest release slf4j-api 1.7.26.jar allows a possibility of a log4j attack.

https://www.slf4j.org/log4shell.html

How is this being addressed?