Log4j2 under v2.17.1 have a critical vulnerability (CVE-2021-44832) and is not stable for now. Log4j v1.x reached end of life in 2015.
In order to improve logging and to avoid Log4j if possible, I propose to change logging from Log4j to Slf4j facade. This should allow users of this library to avoid Log4j dependency inside projects if they don't use it.
Log4j2 under v2.17.1 have a critical vulnerability (CVE-2021-44832) and is not stable for now. Log4j v1.x reached end of life in 2015. In order to improve logging and to avoid Log4j if possible, I propose to change logging from Log4j to Slf4j facade. This should allow users of this library to avoid Log4j dependency inside projects if they don't use it.