Am 13.12.2021 um 19:05 schrieb Tim Allison:
All,
I'm currently in the process of building the rc1 for Tika 2.x. On
TIKA-3616, Luís Filipe Nassif asked if we could upgrade log4j to
log4j2 in the 1.x branch. I think we avoided that because it would be
a breaking change(?). There are security vulns in log4j and it hit
EOL
in August 2015.
Should we upgrade the Tika 1.x branch for log4j2?
Yes
Tilman
Best,
Tim
[1]
https://issues.apache.org/jira/browse/TIKA-3616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457595#comment-17457595
