Cherry-pick 'Update log4j again' into 'release/0.12'

This patch fixes the log4j version to fix the CVE-2021-44228

This cherry-pick combines three MRs that targeted the default branch: !26 (merged), !27 (merged), and !28 (merged)

(cherry picked from commit d0b0d64c)

This is part of the #2 (closed) series