PSA: Didn't think that we needed to say this, but what with Log4J 2.17.0 out today - it's worth us stating explicitly that http4k is totally unaffected by the various log4j vulnerabilities. We also would take this opportunity to recommend that everyone also considers using the Structured Events implementation that we provide in the core in lieu of any actual logging library. 😉

I've been making silly filters that log the response metadata to slf4j. Now that I know about this, I'll look into it. Thanks!