Log4j has some major security vulnerabilities. While this should not affect most of JSystem users, the log4j is not really used by JSystem (it uses the built-in logging mechanism), so it should not be a problem to remove it.
Log4j is a transitive dependency of the org.springframework artifiact, which in turn, used sporadically, so it needs to be removed completely.
Log4j has some major security vulnerabilities. While this should not affect most of JSystem users, the log4j is not really used by JSystem (it uses the built-in logging mechanism), so it should not be a problem to remove it. Log4j is a transitive dependency of the org.springframework artifiact, which in turn, used sporadically, so it needs to be removed completely.
List of the vulnerabilities can be found here.