Resolves the following issue reports:
Requires removal of log4j or replacing log4j with reload4j.
The log4j dependency is only a test dependency and therefore the vulnerability has a lower impact.
The log4j dependency comes in two places:
- Upgrade slf4j-log4j12 and apacheds-server-integ
- Update all org.slf4j group artifacts to version 1.7.36
- Update apacheds-server-integ to version 2.0.0-M24
- Add log4j exclusion to apacheds-server-integ
- Use reload4j (relocated log4j project) by changing dependency slf4j-log4j12 to slf4j-reload4j