Fix potential logback security vulnerabilities

[McPringle]

CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

---

This change is 

[coveralls]

Coverage remained the same at 78.198% when pulling 772d799 on McPringle:security/CVE-2021-42550 into 4707d4e on JavaMoney:master.

[McPringle]

The error is not related to my change. Taking a look at the Travis log it looks like there is a problem installing the end of life Java version 9:

Downloading JDK from https://download.java.net/java/early_access/jdk19/3/GPL/openjdk-19-ea+3_linux-x64_bin.tar.gz
https://download.java.net/java/GA/jdk9/9.0.4/binaries/openjdk-9.0.4_linux-x64_bin.tar.gz...
Using custom target: /home/travis/openjdk9
gzip: stdin: decompression OK, trailing garbage ignored
tar: Child returned status 2
tar: Error is not recoverable: exiting now
The command "~/bin/install-jdk.sh --target "/home/travis/openjdk9" --workspace "/home/travis/.cache/install-jdk" --feature "9" --license "GPL" --cacerts" failed and exited with 2 during .
Your build has been stopped.

Exactly the same happens with my PR #137.

[keilw]

@McPringle Interesting, didn't know LogBack was also affected, but given it has the same roots as Log4J not so surprising. Thanks