Remove log4j from pom dependencies

hoijui / JavaOSC

OSC content format/"protocol" library for JVM languages

http://www.illposed.com/software/javaosc.html

BSD 3-Clause "New" or "Revised" License

156 stars 43 forks source link

Remove log4j from pom dependencies #62

Closed git-moss closed 2 years ago

git-moss commented 2 years ago

Currently, several critical issues in log4j have been identified: https://logging.apache.org/log4j/2.x/security.html 1.x seems to be less critical but will not receive any fixes.

As far as I could analyse the JavaOSC code, it does not use log4j at all. I guess it was only added in case someone wants to use it via sl4j. Therefore, I suggest to simply remove it.

hoijui commented 2 years ago

Thank you @git-moss! Fixed in 4ddf69eaafaf44a0b429345387a9b0d2738deec9.