diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
index e39a95b..203a04b 100644
--- a/.github/dependency-review-config.yml
+++ b/.github/dependency-review-config.yml
@@ -65,9 +65,9 @@ deny_packages:
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2'
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1'
 # Any number of groups (namespaces in purl format) to block in a PR.
-deny_groups:
+#deny_groups:
 # All log4j v1
- - 'pkg:maven/log4j'
+ #- 'pkg:maven/log4j'
 # Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete.
 # This will have no effect on GHES until the Dependency Submission API is available.
 retry_on_snapshot_warnings: true
@@ -78,4 +78,4 @@ warn_only: true
 # We are not going to run license checks for now.
 # We will look into running them later.
 # This check doesn't run on GHES anyway due to limitations in the API, so enabling it would only change things in github.com
-license_check: false
\ No newline at end of file
+license_check: false
diff --git a/my-app/pom.xml b/my-app/pom.xml
index 8671f90..0c0a87e 100644
--- a/my-app/pom.xml
+++ b/my-app/pom.xml
@@ -19,6 +19,12 @@ + + + org.apache.logging.log4j + log4j-core + 2.17.1 + junit junit
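Review bot: Commenting out `deny_groups` and its `pkg:maven/log4j` entry in the first hunk removes the only group rule visible here that flags the log4j 1.x namespace, and nothing in the hunk records why. With `warn_only: true` (visible in the next hunk header) the rule could at most warn, so if it was producing noise or an unintended match, narrowing it is safer than disabling it. If the disablement is intentional, replace the commented-out lines with a stated reason such as `# deny_groups disabled: <reason / tracking issue>`, so the orphaned `# All log4j v1` comment does not read as an active rule.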
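Review bot: The `my-app/pom.xml` hunk adds `log4j-core` pinned to `2.17.1` in the same commit that disables the log4j `deny_groups` rule. The `deny_packages` entries above line 65 of the config are outside the visible hunks, so it cannot be confirmed from here that this version is not on that list. Later 2.x releases exist; prefer the current one, and declare the version once through a property or `dependencyManagement` so a security upgrade is a one-line change. The XML tags are lost in this view, so the dependency's scope and any exclusions could not be checked.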