Is there any plan to remove log4j 1.x library from APM Code?
APM 21.x, 22.x, 23.x releases
Analysis from Engineering:
"We removed the vulnerable parts of it. We distribute a stripped version that doesn't contain the vulnerable code.
But we understand that when a log4j 1.x library is detected by a customer it raises questions and we have a plan to remove it completely.
None at the moment.
log4j 1.x library removal should be done completely in our next on-premise release later this year 2023 or beginning 2024