@WebHubTel Yep, like 10/12 members you're an "owner" with all permissions. I didn't know that there's a github sec. alert system. You must be signed up to it but I'm not. I found the report with that GHSA id in the github security db http://bit.ly/37XWRbL. It's 2 decades since I used maven and can't remember what log4j was so I just deleted that dependency from the pom file. @grahamjones wasn't this your code? Because I ported most of the code in the project from some other repo for some reason, I'm named as the committer for all of it. @davidtanzer All "owners" has been the rights system for years as anybody who's got a legit. github account and is an Azimuth project member is trusted.