Everytime I reboot or update lucee, log4j-1.2.17.jar keeps re-appearing under Lucee,tomcat,lucee-server,bundles.
Running most recent stable version 5.3.9.166. I was under the impression that ALL bundled log4j 1.2.X versions were removed. How do I keep this jar file from re-appearing?
I would make sure you are using the latest Lucee jar and not just an under version of Lucee with an updated core file. Also, the jar may be coming from an extension that’s not part of the Lucee core.