Cloned Version Uses log4j 1x which is No longer Supported #24

@edraper88

Describe the bug
Hello, I'm an informatician with some IT skills and not a developer. Please forgive any wrong verbiage. I'm at Mayo Clinic and am using MedTagger on a project. I have a Debian machine in the cloud, and I cloned the repository, updated settings, and used Maven and then Ant to create a .jar.

My IT team contacted me stating that log4j 1x is a security risk. The cloned version when running with your standard pom.xml file creates the following files:
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.pom
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar.sha1
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.pom.sha1

Desktop (please complete the following information):
Version: tf2-gpu.2-8.m112
Based on: Debian GNU/Linux 11 (bullseye) (GNU/Linux 5.10.0-33-cloud-amd64 x86_64)

Additional context
Wondering if you'll be updating your default version to avoid log4j 1.x since it is no longer supported. If you aren't planning on doing that, how do I change the configuration to avoid using those files?
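
One way to check whether log4j 1.x classes are present in a local Maven repository or inside a built .jar, before and after a dependency change. This is an added example, not part of the original issue or MedTagger's code; the sample jar names are constructed, and the classification is a heuristic that assumes Maven-built jars embed their `pom.properties`.

```python
import sys
import tempfile
import zipfile
from pathlib import Path

# Marker class of the log4j 1.x API; log4j 2.x lives under org/apache/logging/log4j/.
MARKER = "org/apache/log4j/Logger.class"
# Assumption: Maven-built jars embed META-INF/maven/<groupId>/<artifactId>/pom.properties.
# These two artifacts ship the org.apache.log4j package as maintained substitutes.
SUBSTITUTES = (
    "META-INF/maven/ch.qos.reload4j/reload4j/pom.properties",
    "META-INF/maven/org.apache.logging.log4j/log4j-1.2-api/pom.properties",
)

def classify_jar(jar_path):
    """Return 'log4j1', 'substitute', 'clean' or 'unreadable' for one jar."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            names = set(jar.namelist())
    except (zipfile.BadZipFile, OSError):
        return "unreadable"
    if MARKER not in names:
        return "clean"
    return "substitute" if any(p in names for p in SUBSTITUTES) else "log4j1"

def scan(root):
    """Classify every *.jar under root and return only the non-clean ones."""
    verdicts = {str(p): classify_jar(p) for p in sorted(Path(root).rglob("*.jar"))}
    return {p: v for p, v in verdicts.items() if v != "clean"}

def build_sample(root):
    """Write constructed jars (empty entries, not real libraries) for a dry run."""
    samples = {
        "log4j-1.2.12.jar": [MARKER],
        "app-with-deps.jar": ["org/example/Main.class", MARKER],  # bundled copy
        "reload4j.jar": [MARKER, SUBSTITUTES[0]],
        "log4j-core-2.x.jar": ["org/apache/logging/log4j/core/Logger.class"],
    }
    for name, entries in samples.items():
        with zipfile.ZipFile(Path(root) / name, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        for path, verdict in scan(root).items():
            print(f"{verdict:11} {path}")
```

Pass a directory (the local Maven repository or the build output folder) as the first argument; with no argument the script scans the constructed samples.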
