Update Play framework with Log4j 2.15.0 dependency

Hi All,

We have been using Play framework 1.3 for years now in our projects which is using Log4j version of 1.2.17 that is super old. Recently there are a lot of buzz on the internet regarding the Log4j vulnerabilities, and to secure our web apps we will need to update the Log4j version to 2.15.0.
Is it possible to get rid of the older version of Log4j from the class path ?
Also is it possible to get it fixed from the Play framework’s DEV team ?

Thanks, in advance.

I think you might want to take a look at this discussion: Log4j Critical Exploit - Play1 possibly unaffected · Issue #1367 · playframework/play1 · GitHub