diff --git a/pom.xml b/pom.xml
index 39a145b506..94528737bf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@
         <!-- this is the last version of log4j that is compatible with Java 7. Due to a known vulnerability
         (https://nvd.nist.gov/vuln/detail/CVE-2020-9488#vulnCurrentDescriptionTitle), the SMTP appender is
          excluded from the build and not packaged into the agent artifacts -->
-        <version.log4j>2.24.2</version.log4j>
+        <version.log4j>2.12.4</version.log4j>
         <version.ecs.logging>1.6.0</version.ecs.logging>
         <version.spring>5.0.15.RELEASE</version.spring>
         <version.jetty-server>9.4.11.v20180605</version.jetty-server>