The Log4j response page originally stated only 2.9.1 and up were affected, now the update announcement says "including 2.9, 2.9.0.1, and 2.9.0.2, previously reported not affected". Does this mean those versions are indeed affected and need to be upd...