as mentioned in debezium docs It uses Log4j for logging. but Log4j is vulnerable to security risks.
Is it possible to remove Log4j from debezium images(zookeeper, kafka etc)? if yes, will the removal cause any side effects? if no, how to remove it?
thanks for your time.
No, it cannot be removed.
Use the latest version of Kafka Connect (which is where the dependency comes from, not Debezium). It uses reload4j, which is log4j 1.x compatible.