A CVE has been reported on the popular logging implementation log4j.
As the PostgreSQL JDBC driver does not include this as a dependency we have determined that there is no need for concern. The driver is not vulnerable to this CVE.
Regards,
Dave Cramer
pgjdbc team