Since log4j is vulnerable I need to know if prometheus uses apache log4j . Can someone please help me on this.

Please see this reply: Logs4j CVE-2021-44228 Vulnerability - #2 by stuart

Thank you stuart