Remove log4j from pom dependencies
git-moss opened this issue · comments
Currently, several critical issues in log4j have been identified: https://logging.apache.org/log4j/2.x/security.html
1.x seems to be less critical but will not receive any fixes.
As far as I could analyse the JavaOSC code, it does not use log4j at all. I guess it was only added in case someone wants to use it via sl4j. Therefore, I suggest to simply remove it.