Remove log4j dependency due to known security vulnerabilities
itaiag opened this issue · comments
Itai Agmon commented
Log4j has some major security vulnerabilities. While this should not affect most of JSystem users, the log4j is not really used by JSystem (it uses the built-in logging mechanism), so it should not be a problem to remove it.
Log4j is a transitive dependency of the org.springframework artifiact, which in turn, used sporadically, so it needs to be removed completely.
List of the vulnerabilities can be found here.