Netbeans appears to include log4j even the most recent version. in
netbeans/ide/modules/ext/log4j-1.2.15.jar Our IT security group has flagged it and requires that it be removed even though as it is version 1 it is not vulnerable to the most famous issue as apparently there were other issues and it is no longer supported. What are the consequences of removing it? How would I go about committing or just suggestion a change to have it removed from future versions to avoid triggering our security team from telling everyone to delete it and maybe all of netbeans with it?
