How to remove/exclude the deprecated libraries that is not directly utilised in the codebase | Community
Skip to main content
K
khn
Level 2
January 29, 2026
Question

How to remove/exclude the deprecated libraries that is not directly utilised in the codebase

  • January 29, 2026
  • 3 replies
  • 32 views

Hi, 

Deprecated Library Detected

The following library is deprecated, but used in your code and so must be removed:

  • Library: ch.qos.logback
  • Deprecated Since: 2022-01-27
  • Scheduled Removal Date: 2026-02-26

Recommended Action:

  • Replace deprecated packages with their recommended newer versions, in order to keep your application secure and performant.
     

logback library is not used in our codebase. But, I think it is linked and slf4j for logger in our codebase. Please help me in how to scan locally to check if the library is getting used and remove it. 

Thanks.

    3 replies

    K
    Kirthika
    Level 2
    January 29, 2026

    if you not able to find in felix console,try to add this dependecy in pom.xml and try to run maven build.

    !--scriptorstartfragment-->

    <dependency>

      <groupId>org.apache.sling</groupId>

      <artifactId>org.apache.sling.commons.log</artifactId>

      <scope>provided</scope>

      <exclusions>

        <exclusion>

          <groupId>ch.qos.logback</groupId>

          <artifactId>logback-classic</artifactId>

        </exclusion>

        <exclusion>

          <groupId>ch.qos.logback</groupId>

          <artifactId>logback-core</artifactId>

        </exclusion>

      </exclusions>

    </dependency>!--scriptorendfragment-->

    gkalyan
    Community Advisor and Adobe Champion
    gkalyanCommunity Advisor and Adobe Champion
    Community Advisor and Adobe Champion
    January 29, 2026

    @khn 

    Try running the below command in the terminal, this should give all the dependencies in a tree structure for you find where ch.qos.logback is referenced.

    mvn dependency:tree -Dincludes=ch.qos.logback

     

    Once you found it, you can use the exclusion tags ​@Kirthika suggested.

     

    Here is a list of deprecated list you can reference from  

    https://javadoc.io/doc/ch.qos.logback/logback-classic/1.5.18/deprecated-list.html

     

    R
    Roshan2410002
    Level 1
    January 30, 2026

    Hi All,

    We have also received an alert in our AEM as a cloud service environment and regarding the library mentioned (ch.qos.logback) we are not able to find anything in our codebase. In the production logs, We are able to see this library from OOTB classes.

    Logs:-

    *INFO* [FelixLogListener] Events.Service.com.adobe.granite.logging Service [1676, [ch.qos.logback.core.filter.Filter]] ServiceEvent UNREGISTERING

    *INFO* [FelixLogListener] Events.Service.com.adobe.aem.developer.console.support Service [com.adobe.aem.developer.console.support.impl.apifirst.logging.DynamicLogFilter,6173, [ch.qos.logback.classic.turbo.TurboFilter]] ServiceEvent REGISTERED

     

    Still not sure how to update the library.

     

    Thanks,

    K
    Kirthika
    Level 2
    January 30, 2026

    Hi ​@Roshan2410002 

    I think this is not related to the code base, it's rendering from the OOTB of adobe.so you can report it to adobe :

    Mark the finding as Accepted / Vendor‑Managed Risk, as the deprecated ch.qos.logback library is used exclusively by Adobe OOTB bundles in AEM as a Cloud Service, is outside customer control, and cannot be remediated at the application level; all supporting analysis and evidence will be documented.

    Because OOTB default one we can't deprecated by our own code.

    K
    khnAuthor
    Level 2
    January 30, 2026

    Hi ​@Kirthika ,
    It is ootb dependency which is supporting slf4j for logging. Can we somehow update the version of this dependency. If we remove this will this impact our logging system.
     

     

    Terms & ConditionsAccessibility statement

    Loading footer...