Update or replace Log4J 1 library - geoserver/geoserver Wiki

GeoServer presently uses the older Log4J 1 library which is no longer actively maintained. The recently reported security vulnerability for Log4J 2 (which we do not use) has brought this matter to public attention.

This maintenance activity is to upgrade or replace the log4j library:



Please see our Sponsor page for details on how to financially supporting this activity.

Our thanks to the following organizations:


If you have availability to work on this activity we welcome your participation: