
bump org.apache.logging.log4j:log4j-core to 2.20.0 #3033

Merged (1 commit, Feb 23, 2023)

Conversation

candrews
Contributor

What does this PR do?

Update the org.apache.logging.log4j:log4j-core dependency in apm-agent-plugins/apm-ecs-logging-plugin/pom.xml to the current latest version, 2.20.0

2.14.1 is vulnerable to CVE-2021-44228.

I know this dependency is of scope provided meaning it won't actually be included in the agent artifact jar, but the fact that there is a vulnerable dependency in the dependency graph at all (even if it isn't used and doesn't actually matter) isn't great, and definitely upsets some security folks.

Checklist

  • This is an enhancement of existing features, or a new feature in existing plugins
    • I have updated CHANGELOG.asciidoc
    • I have added tests that prove my fix is effective or that my feature works
    • Added an API method or config option? Document in which version this will be introduced
    • I have made corresponding changes to the documentation
  • This is a bugfix
  • This is a new plugin
    • I have updated CHANGELOG.asciidoc
    • My code follows the style guidelines of this project
    • I have made corresponding changes to the documentation
    • I have added tests that prove my fix is effective or that my feature works
    • New and existing unit tests pass locally with my changes
    • I have updated supported-technologies.asciidoc
    • Added an API method or config option? Document in which version this will be introduced
    • Added an instrumentation plugin? Describe how you made sure that old, non-supported versions are not instrumented by accident.
  • This is something else
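An added example, not part of this PR or of the elastic/apm-agent-java code base: a small Python check that parses a constructed pom fragment modelled on the starting point described above, reports the log4j-core entry even though its scope is provided, then applies the bump to 2.20.0 and re-checks. The pom text, the function names and the 2.15.0 floor (the first log4j release addressing CVE-2021-44228; later CVEs moved the floor to 2.17.1) are the example's own choices.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}
ET.register_namespace("", POM_NS)  # keep the default namespace when re-serialising

# Constructed pom fragment modelled on the PR's starting point: a provided-scope
# log4j-core pinned to 2.14.1. Not the project's real pom.xml.
POM_BEFORE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>2.14.1</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    # Numeric-only comparison; sufficient for log4j's MAJOR.MINOR.PATCH releases.
    return tuple(int(part) for part in text.split("."))

def find_vulnerable(pom_xml, group, artifact, min_fixed):
    """Return (version, scope) for each matching dependency below min_fixed.
    Scope is reported but deliberately not used to exempt anything: a provided
    or test dependency still sits in the graph that SCA scanners walk."""
    root = ET.fromstring(pom_xml)
    hits = []
    for dep in root.iterfind(".//m:dependency", NS):
        if (dep.findtext("m:groupId", namespaces=NS) != group
                or dep.findtext("m:artifactId", namespaces=NS) != artifact):
            continue
        version = dep.findtext("m:version", namespaces=NS)
        scope = dep.findtext("m:scope", default="compile", namespaces=NS)
        if version and parse_version(version) < parse_version(min_fixed):
            hits.append((version, scope))
    return hits

def bump(pom_xml, group, artifact, new_version):
    """Rewrite the <version> of the matching dependency; return the new pom text."""
    root = ET.fromstring(pom_xml)
    for dep in root.iterfind(".//m:dependency", NS):
        if (dep.findtext("m:groupId", namespaces=NS) == group
                and dep.findtext("m:artifactId", namespaces=NS) == artifact):
            dep.find("m:version", NS).text = new_version
    return ET.tostring(root, encoding="unicode")
```

Running `find_vulnerable` before and after `bump` shows the provided-scope entry is flagged at 2.14.1 and disappears once the version reads 2.20.0.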

@cla-checker-service

cla-checker-service bot commented Feb 22, 2023

💚 CLA has been signed

@github-actions github-actions bot added agent-java community Issues and PRs created by the community triage labels Feb 22, 2023
@github-actions

👋 @candrews Thanks a lot for your contribution!

It may take some time before we review a PR, so even if you don’t see activity for some time, it does not mean that we have forgotten about it.

Every once in a while we go through a process of prioritization, after which we are focussing on the tasks that were planned for the upcoming milestone. The prioritization status is typically reflected through the PR labels. It could be pending triage, a candidate for a future milestone, or have a target milestone set to it.

@apmmachine
Contributor

apmmachine commented Feb 22, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-02-23T07:49:11.172+0000

  • Duration: 53 min 41 sec

Test stats 🧪

Test Results
Failed 0
Passed 3530
Skipped 121
Total 3651

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments


To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • run benchmark tests : Run the benchmark tests.

  • run jdk compatibility tests : Run the JDK Compatibility tests.

  • run integration tests : Run the Agent Integration tests.

  • run end-to-end tests : Run the APM-ITs.

  • run windows tests : Build & tests on windows.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@eyalkoren
Contributor

/test

@eyalkoren
Contributor

@candrews please note that I will not be able to merge this PR without you signing the CLA.
So please either sign it or let me know if you want me to make this change through a different PR.

@candrews
Contributor Author

I signed the CLA - do I need to do something to get that reflected in this PR?

@eyalkoren
Contributor

> I signed the CLA - do I need to do something to get that reflected in this PR?

No, we're good!

@eyalkoren
Contributor

run elasticsearch-ci/docs

@eyalkoren eyalkoren merged commit 5a956a1 into elastic:main Feb 23, 2023
@SylvainJuge SylvainJuge mentioned this pull request Apr 12, 2023