
We are currently using Quartz libraries (version 2.3.0) to schedule some jobs to run at certain intervals according to our application needs. Our IT security team noticed that the application is currently using Log4j version 1.2.16, which is not supported anymore as it reached its end of life prior to 2016, and we were asked to upgrade to a version that is recent (currently supported).

However, the Quartz library uses the Log4j 1.2.16, slf4j-api-1.7.7 and slf4j-log4j12-1.7.7 jars as part of its dependencies. I looked at the recent versions of Quartz and noticed the latest version also uses the same set of dependencies. Is there a different version of Quartz that uses the latest libraries of Log4j? Any guidance on upgrading Log4j and slf4j to one of the recent versions? Please advise and share your thoughts. Thank you.

Mahesh
  • If you use Maven, you can exclude the transitive dependency of Quartz on log4j and provide a more recent version yourself as a dependency. Be aware that you may suffer runtime errors if there are breaking changes in the latest version of log4j. – Markus Oct 27 '22 at 18:56
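
The exclusion approach from the comment above, written out as a `pom.xml` fragment. This is an added example, not part of the original question or comment and not taken from the Quartz project; it assumes a Maven build, moves to Log4j 2 via its SLF4J 1.7.x binding, and leaves the Log4j 2 version as a placeholder to fill in with a currently supported release.

```xml
<!-- Added example: pom.xml fragment; the version property is a placeholder -->
<properties>
  <!-- Assumption: replace with a currently supported Log4j 2 release -->
  <log4j2.version>REPLACE_WITH_SUPPORTED_VERSION</log4j2.version>
</properties>

<dependencies>
  <dependency>
    <groupId>org.quartz-scheduler</groupId>
    <artifactId>quartz</artifactId>
    <version>2.3.0</version>
    <exclusions>
      <!-- Keep Log4j 1.x and the SLF4J binding that targets it off the classpath -->
      <exclusion>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
      </exclusion>
      <exclusion>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

  <!-- Log4j 2 API and implementation -->
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>${log4j2.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>${log4j2.version}</version>
  </dependency>
  <!-- Routes SLF4J 1.7.x calls (the API Quartz logs through) to Log4j 2 -->
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-slf4j-impl</artifactId>
    <version>${log4j2.version}</version>
  </dependency>
  <!-- Optional: only if application code still calls org.apache.log4j.* directly -->
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-1.2-api</artifactId>
    <version>${log4j2.version}</version>
  </dependency>
</dependencies>
```

Running `mvn dependency:tree -Dincludes=log4j` afterwards shows whether any other dependency still pulls in the Log4j 1.x jar. Log4j 2 does not read an existing `log4j.properties` in the 1.x format by default, so the logging configuration has to be migrated (for example to `log4j2.xml`) as part of the upgrade.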
