A [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) has been reported on the popular logging implementation log4j.
As the PostgreSQL JDBC driver does not include this as a dependency we have determined that there is no need for concern.
The driver is not vulnerable to this CVE.
Regards,
Dave Cramer
pgjdbc team