MockMotor is Not Using Log4J
MockMotor is not impacted by Log4J Security Issues
MockMotor is not using Log4J.
Because of that, MockMotor is not impacted by the Log4J remote security hole (fixed in Log4J 2.16) and subsequent remote DoS attack (fixed in Log4J 2.17). Or any future Log4J vulnerabilities.
MockMotor keeps its dependencies minimal. Using a third-party logging library when a perfectly good API exists
java.util core package seemed like overkill. And an increase of vulnerability surface, as it turned out.
The Bottom Line
You don’t need to upgrade MockMotor because of the Log4J debacle.