Background

To fix security issues with older Log4j libraries, follow these steps in order to update them to a new version. Important: this updates the Log4j version of the jobs being built by Talend Open Studio (TOS), but not the underlying Log4j libraries used by TOS itself. That is, running and debugging jobs within TOS itself will still be based on the original Log4j libraries shipped with TOS.

Steps to follow

The following steps have been tested to work for Talend Open Studio 8 for Data Integration (TOSDI8).

Step 1 – enable Log4j v2

Open your Talend job in the Open Studio. From the toolbar, click the “Project settings” button.

In the Project Settings dialog, select Log4j on the left side. Make sure the “Log4j version” is set to “log4j2”.

Click “Apply and Close”.

Step 2 – download updated Log4j jar files from Maven Central

The updated jar files can be downloaded from https://mvnrepository.com/artifact/org.apache.logging.log4j

The following are the direct links to version 2.17.2, the latest at the time of writing.

https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.17.2/log4j-1.2-api-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.17.2/log4j-core-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jcl/2.17.2/log4j-jcl-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.17.2/log4j-jul-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.17.2/log4j-slf4j-impl-2.17.2.jar
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2.jar

Step 3 – point modules to the new jar files

From inside Talend Open Studio, select the menu “Windows->Show view…->Modules” and select Open.

In the search bar enter “2.12.1”, the version currently used by Talend. If a different version is in use, first determine which one, e.g. by searching for “log4j”.

For each of the installed Log4j libraries (marked in red on the above picture) in turn, click the “…” button on the right side and select the updated jar with the matching name. You will need to click “Detect the module install status” (2) to enable the OK button.

Repeat the above steps for all of the marked libraries, and be careful to select the correct corresponding downloaded jar for each!

Step 4 – build your job and verify that libraries have been updated

Now build your Talend job. See this topic for additional information about how to execute Talend jobs from a macro in ROB-EX Scheduler. Verify that the “lib” folder of the compiled job now contains the updated Log4j jar files; see picture below.
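One way to script the Step 4 check, as an added example that is not part of the original article or of Talend: it reads every log4j jar in a built job's “lib” folder and compares the version declared in the jar's manifest with 2.17.2 and with the file name, which also catches a wrong jar picked in Step 3. It assumes the Log4j jars carry an Implementation-Version manifest header; the function names and the sample jars written by make_jar are constructed for this example.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

TARGET = (2, 17, 2)  # version downloaded in Step 2 of this page

def as_tuple(version):
    """'2.17.2' -> (2, 17, 2); non-numeric suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def manifest_version(jar_path):
    """Implementation-Version declared inside the jar (assumed present), else None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile):
        return None
    found = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
    return found.group(1) if found else None

def audit_lib(lib_dir):
    """Return {jar name: status} for every log4j jar in a built job's lib folder."""
    report = {}
    for jar in sorted(Path(lib_dir).glob("log4j-*.jar")):
        name_ver = jar.stem.rsplit("-", 1)[-1]  # version claimed by the file name
        real_ver = manifest_version(jar)        # version the jar itself declares
        if real_ver is None:
            report[jar.name] = "UNKNOWN"
        elif as_tuple(real_ver) < TARGET:
            report[jar.name] = "OUTDATED " + real_ver
        elif as_tuple(name_ver) != as_tuple(real_ver):
            report[jar.name] = "NAME-MISMATCH " + real_ver
        else:
            report[jar.name] = "OK " + real_ver
    return report

def make_jar(folder, name, version):
    """Write a minimal constructed jar (manifest only) used as sample input."""
    with zipfile.ZipFile(Path(folder) / name, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", f"Implementation-Version: {version}\n")

if __name__ == "__main__":
    lib = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # no path given: audit constructed sample jars
        make_jar(lib, "log4j-core-2.17.2.jar", "2.17.2")
        make_jar(lib, "log4j-api-2.12.1.jar", "2.12.1")
    for name, status in audit_lib(lib).items():
        print(f"{status:24} {name}")
```

Pass the path of the built job's “lib” folder as the only argument; any line not starting with OK needs another look at Step 3.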
