This PR replaces them with the usage of slf4j which is more universal (being just a common API for various loggers)
and less vulnerable to potential attacks (again, being just an API).
It's worth mentioning that its v1 is used although v2 has been released about a year agi
which is due to API v2 not yet being stable enough and as well supported as v1 is.
Description
Log4j v1 and transitively Apache Commons Logging are subjects to multiple CVEs (namely CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2021-4104, CVE-2019-17571) and both libraries have not been updated since the years 2012 and 2014 respectively.
This PR replaces them with the usage of slf4j which is more universal (being just a common API for various loggers) and less vulnerable to potential attacks (again, being just an API).
It's worth mentioning that its v1 is used although v2 has been released about a year agi which is due to API v2 not yet being stable enough and as well supported as v1 is.