
Yes, I have worked for many banks and even written Log4J loggers that log to chat channels. But I can still admit that Log4J is over-engineered and that a security flaw was inevitable. Log4J doesn't just log strings; it has an evaluator that can execute the strings and invoke arbitrary code. Are you telling me that your bank needed that feature?


