Hello, Hopefully this hasn't already been addressed. I couldn't find it if it has.
The console.war file starting with Artemis 2.17.0 contains a newer version of HawtIO. It contains WEB-INF\lib\log4j-1.2.17.jar, which some security scanners have a problem with because it's end of life. Are there any plans to update it to log4j 2.x, or at least use the log4j "1.x to 2.x" bridge JAR described here: https://logging.apache.org/log4j/2.x/manual/migration.html#Log4j1.2Bridge? I've replaced it with the following files and it appears to work without issue: WEB-INF\lib\log4j-1.2-api-2.17.2.jar WEB-INF\lib\log4j-api-2.17.2.jar WEB-INF\lib\log4j-core-2.17.2.jar I will continue to do this until WEB-INF\lib\log4j-1.2.17.jar is removed from the distribution. It still exists in the Artemis 2.20.0 distribution. Thank you, Aaron Steigerwald
