Cherry-pick 'Update log4j again' into 'release/0.12'
This patch fixes the log4j version to fix the CVE-2021-44228
This cherry-pick combines three MRs that targeted the default branch: !26 (merged), !27 (merged), and !28 (merged)
(cherry picked from commit d0b0d64c)
This is part of the #2 (closed) series