The Simple Logging Facade for Java or is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging . Security Fix: * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Chris McCown for reporting this issue.