upgrade log4j2 to 2.16.0

[wuwen5]

What is the purpose of the change

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 makes a best-effort attempt to restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

[codecov-commenter]

Codecov Report

Merging #9433 (3793e26) into master (578bfcb) will increase coverage by 0.01%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #9433      +/-   ##
============================================
+ Coverage     60.81%   60.82%   +0.01%     
+ Complexity      446      445       -1     
============================================
  Files          1100     1100              
  Lines         44515    44515              
  Branches       6477     6477              
============================================
+ Hits          27070    27078       +8     
+ Misses        14472    14470       -2     
+ Partials       2973     2967       -6     

Impacted Files	Coverage Δ
...ntext/event/AwaitingNonWebApplicationListener.java	48.48% <0.00%> (-24.25%)	⬇️
...he/dubbo/remoting/transport/netty/NettyServer.java	70.17% <0.00%> (-3.51%)	⬇️
...ting/zookeeper/curator/CuratorZookeeperClient.java	67.79% <0.00%> (-1.13%)	⬇️
...ng/transport/dispatcher/all/AllChannelHandler.java	89.65% <0.00%> (ø)
...apache/dubbo/common/extension/ExtensionLoader.java	81.31% <0.00%> (+0.21%)	⬆️
...dubbo/remoting/exchange/support/DefaultFuture.java	89.18% <0.00%> (+0.90%)	⬆️
.../exchange/support/header/HeaderExchangeServer.java	69.52% <0.00%> (+1.90%)	⬆️
...a/org/apache/dubbo/monitor/dubbo/DubboMonitor.java	88.57% <0.00%> (+1.90%)	⬆️
...pache/dubbo/registry/support/AbstractRegistry.java	80.74% <0.00%> (+2.59%)	⬆️
...ubbo/registry/support/AbstractRegistryFactory.java	83.09% <0.00%> (+2.81%)	⬆️
... and 4 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 578bfcb...3793e26. Read the comment docs.

[CrazyHZM]

LGTM

[guohao]

LGTM

[justinmclean]

2.17.0 is out you would probably want to use that instead.

[AlbumenJ]

2.17.0 is out you would probably want to use that instead.

Upgrade to 2.17.0 in #9444.