evolution-gaming / no-log4j-test

Test to verify that your project has no log4j dependency
MIT License

False positive commons-logging inclusion #2

Open arixmkii opened 9 months ago

arixmkii commented 9 months ago

LogSource in commons-logging accesses log4j only through reflection (https://github.com/apache/commons-logging/blob/master/src/main/java/org/apache/commons/logging/LogSource.java#L78), so if there is no log4j dependency already, it will not be introduced. Moreover, there existed only a single released version of the commons-logging jar that included third-party loggers as its dependencies: version 1.1 (https://mvnrepository.com/artifact/commons-logging/commons-logging/1.1). Every other version had the logger implementations as optional dependencies, so a correct build system would not add them to the dependency scope.
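Since LogSource only touches log4j via `Class.forName`, the check that actually matters is whether a log4j class is loadable on the runtime classpath, not whether commons-logging shows up in the dependency tree. The following JUnit 5 test is an added example, not code from the no-log4j-test project or from this issue; the class names it probes are the usual log4j 1.x / log4j 2 entry points and are the author's choice, not something the project is known to check.

```java
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.util.ArrayList;
import java.util.List;
import org.junit.jupiter.api.Test;

class NoLog4jOnClasspathTest {

    // Entry points of log4j 1.x and log4j 2 (chosen for this example; extend as needed).
    private static final String[] LOG4J_CLASSES = {
        "org.apache.log4j.Logger",                    // log4j 1.x
        "org.apache.logging.log4j.LogManager",        // log4j 2 API
        "org.apache.logging.log4j.core.LoggerContext" // log4j 2 core
    };

    // Returns the log4j classes whose class files are reachable through the given loader.
    static List<String> loadableLog4jClasses(ClassLoader loader) {
        List<String> found = new ArrayList<>();
        for (String name : LOG4J_CLASSES) {
            try {
                // initialize=false: resolve the class only, never run its static initializers.
                Class.forName(name, false, loader);
                found.add(name);
            } catch (ClassNotFoundException e) {
                // Not on the classpath: the desired outcome.
            } catch (LinkageError e) {
                // The class file exists but failed to link; log4j is still present, so count it.
                found.add(name);
            }
        }
        return found;
    }

    @Test
    void log4jIsNotLoadable() {
        // commons-logging's LogSource being present is irrelevant here: only log4j itself
        // must be absent, which is what this reflective probe verifies.
        List<String> found = loadableLog4jClasses(Thread.currentThread().getContextClassLoader());
        assertTrue(found.isEmpty(), "log4j classes present on the test classpath: " + found);
    }
}
```

The probe uses the context class loader, so under Maven Surefire or Gradle it inspects the test runtime classpath; run it against the same classpath your application ships with, since a scope-limited build can differ.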

arixmkii commented 9 months ago

There is a workaround using spring-jcl, which is commons-logging with the same package names but without the LogSource class (which is deprecated anyway): https://github.com/spring-projects/spring-framework/tree/main/spring-jcl/src/main/java/org/apache/commons/logging