I did a check as well and couldn't find anything.
I guess the only place where log4j2 might be included is by pax exam
tests - not sure about that though.
Regards
Carsten
Am 13.12.2021 um 16:49 schrieb Robert Munteanu:
On Mon, 2021-12-13 at 16:40 +0100, Bertrand Delacretaz wrote:
If we make a statement I think it should include the list of modules
we have checked as "not embedding log4j2" and describe the method
used
for that check.
I have used `repo grep log4j` in the Sling repo checkout, manually
validated that we don't pull in log4j2.
If we exclude test code, we only get 54 lines, it should be quite easy
for someone else to cross-check my findings.
Thanks,
Robert
--
Carsten Ziegeler
Adobe
[email protected]
