This fix allows you to remove log4j vulnerability:
Option 1 - remove the log4j core jar from your final jar
Option 2 (I prefer this myself) - You can just remove the "JndiLookup" class file.
--- Option 1 - remove jar
org.apache.logging.log4j:log4j-core:jar
org.apache.logging.log4j:log4j-api:jar
--- Option 2 - remove class
org/apache/logging/log4j/core/lookup/JndiLookup.class
