SonarQube is using log4j. Today I learned about the critical vulnerability CVE-2021-44228. We are using SonarQube 8.7.1 which uses a vulnerable version of log4j (2.8.2). Do you have any suggestion how to mitigate the risk? Is replacing log4j-api-2.8.2.jar with a new version of the jar file going to help?