Hello, I am aware that the new karaf version 4.3.4 will fix the Log4j Vulnerability (CVE-2021-44228).
However, I can't upgrade karaf in my project. Is there a hotfix option? (Ideally only touching log4j) I tried to swap out Pax Logging: bundle:install mvn:org.ops4j.pax.logging/pax-logging-log4j2/2.0.11 bundle:install mvn:org.ops4j.pax.logging/pax-logging-api/2.0.11 bundle:uninstall 6 bundle:uninstall 7 Log files are written, but I get class path issues like (Bundles no longer starting up): ClassNotFoundException: org.apache.commons.logging.LogFactory kind regards, Raggy
