log4j and Apache Tomcat vulnerabilities

[RLWOHIO]

I would really like to try out Karma but was recently denied installation by our Information Security people after they found three log4j and one Apache Tomcat vulnerabilities in this software. Could you have the related dependencies updated to the latest releases? Thanks!

[RLWOHIO]

here are more details about these vulnerabilities:
Karma-Windows\Karma-Windows\resources\app\tomcat\webapps\clusterService.war!WEB-INF/lib/log4j-1.2.14.jar' ( Manifest Vendor: Apache Software Foundation, Manifest Version: 1.2.14, JNDI Class: NOT Found, Log4j Vendor: log4j, Log4j Version: 1.2.14, CVE Status: Potentially Vulnerable ( CVE-2021-4104: Found ) )

Karma-Windows\Karma-Windows\resources\app\tomcat\webapps\ROOT\ROOT.zip!WEB-INF/lib/log4j-1.2.14.jar' ( Manifest Vendor: Apache Software Foundation, Manifest Version: 1.2.14, JNDI Class: NOT Found, Log4j Vendor: log4j, Log4j Version: 1.2.14, CVE Status: Potentially Vulnerable ( CVE-2021-4104: Found )

Karma-Windows\Karma-Windows\resources\app\tomcat\webapps\ROOT\WEB-INF\lib\log4j-1.2.14.jar' ( Manifest Vendor: Apache Software Foundation, Manifest Version: 1.2.14, JNDI Class: NOT Found, Log4j Vendor: log4j, Log4j Version: 1.2.14, CVE Status: Potentially Vulnerable ( CVE-2021-4104: Found )

Also, this is the Apache Tomcat vulnerability that was flagged as well. [https://www.tenable.com/plugins/nessus/192043]