We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.
In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:
[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @MatthewDolan.
[BUGFIX] Correct handling of HEAD requests (#688). Thanks @dhoard.
[ENHANCEMENT] Lots of more integration tests and tests with different Java versions.
[ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @dhoard.
[ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @dhoard.