Update dependency org.springframework.boot:spring-boot-starter-log4j2 to v2.6.3

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework.boot:spring-boot-starter-log4j2 (source)	2.6.1 -> 2.6.3

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE	Reachability
Critical	10.0	CVE-2021-44228
Critical	9.0	CVE-2021-45046
Medium	6.6	CVE-2021-44832
Medium	5.9	CVE-2021-45105

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-log4j2)

v2.6.3

🐞 Bug Fixes

• 'spring.config.import' placeholders can resolve from profile-specific documents when they should fail #​29459
• Warning from AprLifecycleListener when using Tomcat Native and Tomcat 9.0.55 or later #​29454
• ConfigurationPropertySources.attach will always reattach when called multiple times #​29410
• @SpringBootTest does not use spring.main.web-application-type properties declared in test resource files #​29374
• Embedded launch script fails if jar is owned by an unknown user #​29371
• ResponseStatusException no longer returning response body in 2.6.2 using Spring Security when application has a custom context path #​29299
• Maven repackaging of a jar with a deeply nested package is prohibitively slow #​29268
• Health contributor exclusion rules aren't applied to child contributors #​29251
• Default value for management.info.env.enabled is outdated #​29187

📔 Documentation

• Refer to Maven Resolver rather than Aether #​29480
• Clarify documentation for RestTemplate customization #​29401
• Learning About Spring Boot Features has "logging" link twice #​29380

🔨 Dependency Upgrades

• Update to Spring Kafka 2.8.2 #​29319
• Upgrade to Hibernate 5.6.4.Final #​29497
• Upgrade to HttpCore5 5.1.3 #​29343
• Upgrade to Infinispan 12.1.11.Final #​29344
• Upgrade to Jaybird 4.0.5.java8 #​29345
• Upgrade to JBoss Logging 3.4.3.Final #​29346
• Upgrade to Lettuce 6.1.6.RELEASE #​29347
• Upgrade to Log4j2 2.17.1 #​29184
• Upgrade to Logback 1.2.10 #​29348
• Upgrade to MariaDB 2.7.5 #​29498
• Upgrade to Maven Jar Plugin 3.2.2 #​29349
• Upgrade to Micrometer 1.8.2 #​29316
• Upgrade to MongoDB 4.4.1 #​29350
• Upgrade to MySQL 8.0.28 #​29467
• Upgrade to Neo4j Java Driver 4.4.2 #​29398
• Upgrade to Netty 4.1.73.Final #​29351
• Upgrade to Netty tcNative 2.0.47.Final #​29395
• Upgrade to Pooled JMS 1.2.3 #​29468
• Upgrade to R2DBC Bom Arabba-SR12 #​29396
• Upgrade to Reactor 2020.0.15 #​29315
• Upgrade to SLF4J 1.7.33 #​29397
• Upgrade to Spring AMQP 2.4.2 #​29318
• Upgrade to Spring Data 2021.1.1 #​29317
• Upgrade to Spring Framework 5.3.15 #​29327
• Upgrade to Spring HATEOAS 1.4.1 #​29283
• Upgrade to Spring Integration 5.5.8 #​29320
• Upgrade to Spring REST Docs 2.0.6.RELEASE #​29322

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​dreis2211
• @​Omkar-Shetkar
• @​jprinet

v2.6.2

🐞 Bug Fixes

• The getter and setter that's used during configuration property binding varies when a getter or setter has been overridden to use a subclass of the property's type #​29143
• DatabaseInitializationDependencyConfigurer triggers eager initialization of factory beans #​29103
• Spring boot 2.6.0 Quartz mysql/mariadb tables are not created #​29095
• Platform used for Quartz, Session, Integration, and Batch schema initialization cannot be configured #​29002
• App fails to start when it depends on thymeleaf-extras-springsecurity5 but does not have Spring Security on the classpath #​28979
• ResponseStatusException no longer returning response body in 2.6.1 using spring security #​28953
• DataSourceScriptDatabaseInitializer may still try to access the database even though its initialization mode is never #​28931
• Hibernate validation messages broken in spring boot 2.6.1 when setUseCodeAsDefaultMessage set to true #​28930
• Image buildpack references without tag do not default to latest version #​28922
• Invalid classpath index manifest attribute in war files built with Maven #​28904
• AbstractMethodError in org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter when deployed to a Servlet 3.1-compatible container #​28902
• Setting cache time-to-live for the health endpoint has no effect #​28882
• server.servlet.session.cookie.same-site isn't applied to Spring Session's SESSION cookie #​28784

📔 Documentation

• 2.5.x snapshot documentation links to source code on the main branch #​29141
• Document that using DevTools with a remote application is not supported with WebFlux #​29138
• Polish Creating Your Own Auto-configuration section in Core Features reference doc #​29133
• Polish CacheManager customization section in reference doc #​29098
• Polish README.adoc #​28948
• Fix documented default value for property spring.mvc.pathmatch.matching-strategy #​28936
• Add consistent quotes in YAML samples of reference doc #​28911

🔨 Dependency Upgrades

• Upgrade to Logback 1.2.9 #​29012
• Upgrade to AppEngine SDK 1.9.93 #​29054
• Upgrade to Caffeine 2.9.3 #​29055
• Upgrade to Couchbase Client 3.2.4 #​29056
• Upgrade to DB2 JDBC 11.5.7.0 #​29124
• Upgrade to Dropwizard Metrics 4.2.7 #​29125
• Upgrade to Ehcache3 3.9.9 #​29126
• Upgrade to Flyway 8.0.5 #​29059
• Upgrade to Hazelcast 4.2.4 #​29146
• Upgrade to Hibernate 5.6.3.Final #​29127
• Upgrade to HttpAsyncClient 4.1.5 #​29062
• Upgrade to HttpCore 4.4.15 #​29063
• Upgrade to Infinispan 12.1.10.Final #​29128
• Upgrade to Jackson Bom 2.13.1 #​29129
• Upgrade to JDOM2 2.0.6.1 #​29064
• Upgrade to Jedis 3.7.1 #​29065
• Upgrade to JUnit Jupiter 5.8.2 #​29066
• Upgrade to Kotlin 1.6.10 #​29067
• Upgrade to Log4j2 2.17.0 #​28984
• Upgrade to Micrometer 1.8.1 #​28971
• Upgrade to MSSQL JDBC 9.4.1.jre8 #​29068
• Upgrade to Netty 4.1.72.Final #​29005
• Upgrade to Reactor 2020.0.14 #​28969
• Upgrade to Spring AMQP 2.4.1 #​28995
• Upgrade to Spring Framework 5.3.14 #​28970
• Upgrade to Spring Integration 5.5.7 #​28975
• Upgrade to Spring Kafka 2.8.1 #​29017
• Upgrade to Spring LDAP 2.3.5 #​28972
• Upgrade to Spring Security 5.6.1 #​28973
• Upgrade to Spring Session 2021.1.1 #​28974
• Upgrade to Spring WS 3.1.2 #​29069
• Upgrade to Thymeleaf 3.0.14.RELEASE #​29070
• Upgrade to Tomcat 9.0.56 #​29071
• Upgrade to Undertow 2.2.14.Final #​29072
• Upgrade to XmlUnit2 2.8.4 #​29131

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​asa1997
• @​vashisthabhinav
• @​An1s9n
• @​copbint
• @​viktorardelean
• @​vpavic
• @​terminux
• @​Artur-

---

• If you want to rebase/retry this PR, check this box

[skim-amplify]

Checkmarx One – Scan Summary & Details – cb965f81-6069-4035-b862-38f1997e3ff1

No New Or Fixed Issues Found

[amplify-self-hosted-runners]

Check Name	Conclusion	Summary	Output
Mend Security Check	success	Security Report	output
Mend License Check	success	License Report	output