Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Log4j 1.x vulnerability
Hi,

I got in contact with the reload4j team. They changed the Bundle-SymbolicName to org.apache.log4j and fixed several OSGi meta data related issues in the meanwhile. Today they published 1.2.19 which should work as a drop-in replacement in Eclipse based applications where Require-Bundle was used. My local tests worked so far.

That said, re-bundling for Orbit should not be necessary as reload4j could directly be consumed via Maven Central. 

Just wanted to keep you updated. 

Greez, 
Dirk 

Ed Willink <ed.willink@xxxxxxxxx> schrieb am Mi., 26. Jan. 2022, 13:47:
Hi

On 26/01/2022 07:48, Christoph Läubrich wrote:
> Why not using SLF4J in all places and let the user choose the
> implementation with their favorite CVEs?

Use of SLF4J has been suggested before and so I tried to be a good
Eclipse citizen. My failed attempts are described in:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=559532

If SLF4J is to be used, can someone please ensure that the platform is
fit for purpose and that there is a good tutorial on how to do really
boring logging.

Regards

Ed Willink


--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Back to the top