I think the priority should be updated because this is now a medium severity vulnerability with CVSS 4.8 (Snyk)

Many companies may be forced to switch to a different logging library if this issue will not be addressed quickly.

Thanks a lot for your effort.