All, I'm currently in the process of building the rc1 for Tika 2.x. On TIKA-3616, Luís Filipe Nassif asked if we could upgrade log4j to log4j2 in the 1.x branch. I think we avoided that because it would be a breaking change(?). There are security vulns in log4j and it hit EOL in August 2015. Should we upgrade the Tika 1.x branch for log4j2?
Best, Tim [1] https://issues.apache.org/jira/browse/TIKA-3616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457595#comment-17457595