Type: Bug
Resolution: Fixed
Priority: Low
Affects Version/s: 4.8.9
Component/s: Runtime platform
Severity 3 - Minor
CVE-2022-23305
Customers that have JDBCAppender configured may be vulnerable to SQL injection attacks.
Change Summary: Removed JDBCAppender, so customers can no longer use it.
CVE-2022-23307 / CVE-2020-9493
Unsafe deserialization issue present in Apache Chainsaw, which was bundled in log4j1.
Change Summary: Removed Apache Chainsaw; it is no longer a component of our log4j1 fork.
CVE-2022-23302
JMSSink is vulnerable to deserialization of untrusted data