It looks like Minion is using log4j 2.6.2. This is currently a version of the log4j exploit activly being used. It is currently ranks a 10 out of 10 in severity.
I am just checking to see if you are aware of this, and/or have any plans to address/fix this.
Oracle has issued a fixed version of the library.