diff --git a/java_common.gradle b/java_common.gradle
index 425555b17..e56b62cf4 100644
--- a/java_common.gradle
+++ b/java_common.gradle
@@ -62,6 +62,12 @@ configurations {
     // See https://issues.apache.org/jira/browse/BEAM-8862
     it.exclude group: 'org.mockito', module: 'mockito-core'
   }
+  all.each {
+    // log4j has high-profile security vulnerabilities. It's a transitive
+    // dependency used by some Apache Beam packages. Excluding it does not
+    // impact our troubleshooting needs.
+    it.exclude group: 'org.apache.logging.log4j'
+  }
 }
 
 dependencies {