Problem: Fix CVE 2021-44228 and CVE 2021-4104 security issues (log4j)

[mamedin]

https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/
https://access.redhat.com/security/cve/CVE-2021-4104

[mamedin]

Depending on ES version some workarounds/fixes should be applied:

• ES v1.7.x: The JMSAppender.class needs to be deleted or log4j class must be updated (CVE 2021-4104)
• ES v5.x: The JndiLookup.class needs to be deleted or log4j class must be updated (CVE 2021-44228)
• ES v6.x: Update to 6.8.21 or use Dlog4j2.formatMsgNoLookups=True as java_opts (CVE 2021-44228)

[misilot]

I see v6. has been addressed. Can AtoM utilize ES v6, or will we need to codify in our install the removal of the JdniLookup.class?