Juniper R2 2021 - Log4j vulnerability verification and correction

Deployed to Juniper BF. Closing

I have a PR in place that result in the following dependency structure:

The only problem seems to be the 1.2.17 coming in even though it is set to manage 2.16.0.

Removing the dependency via exclusion causes logs to not show.
This concerns me that more work is needed, possibly updating edge-common (which is a 2.x version!).

Given that it is a Friday near a holiday, I put the PR in now in its current state.
The state is an improvement, but it may still need more work.

Also note, that this for fixing CVE-2021-4104 rather than CVE-2021-44228.
Both are exploits of utilizing JNDI, its just that their vector of attack is slightly different.

Re-opening because I found a related Log4J Vulnerability that merits the upgrade:
- https://nvd.nist.gov/vuln/detail/CVE-2021-4104

Version 1.2.17 of Log4J is used.
The 1.x versions of Log4J are unaffected by the security issue.

I am seeing log4j version 1.2.17.
This version is not an issue to my knowledge.