Merge pull request #46 from corona-warn-app/fix/bump_lob4j_2_17

fix: bump version log4J to 2.17.0

pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>app.coronawarn.verification</groupId>
   <artifactId>cwa-dcc-server</artifactId>
-  <version>1.0.4-SNAPSHOT</version>
+  <version>1.0.5-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>cwa-dcc-server</name>
@@ -91,13 +91,7 @@
         <groupId>org.liquibase</groupId>
         <artifactId>liquibase-core</artifactId>
         <version>${liquibase.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.logging.log4j</groupId>
-        <artifactId>log4j-bom</artifactId>
-        <version>2.16.0</version>
-        <scope>import</scope>
-      </dependency>
+      </dependency>  
     </dependencies>
   </dependencyManagement>
 
@@ -246,7 +240,18 @@
       <artifactId>shedlock-spring</artifactId>
       <version>${shedlock.version}</version>
     </dependency>
-
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-api</artifactId>
+      <version>2.17.0</version>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-to-slf4j</artifactId>
+        <version>2.17.0</version>
+        <scope>compile</scope>
+    </dependency>
   </dependencies>
 
   <build>