Maven downloading log4j version not specified in POM when building the Project.
In POM i have updated my log4j to log4j core 2.16.0 to fix the Log4j Vulnerability with Older version. But even after changing the Version Maven is downloading 1.2.12 and 1.2.17 version of Log4j when running the build.
I'm not seeing these version even in the dependency tree of my Project.
Please help to fix this issue as its a Critical Security Issue.