[
https://issues.apache.org/jira/browse/EMPIREDB-374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17494619#comment-17494619
]
Rainer Döbele commented on EMPIREDB-374:
----------------------------------------
We are only still using log4j 1.x for our code examples.
The core module and all extensions (i.e. everything that someone would use in
their own projects) have only a dependency to Slf4J, so any logger can be used.
The examples are using the lo4j DomConfigurator for which there is
unfortunately no replacement by either Logback or Log4J 2.x. I will have a look
at reload4j though.
> replace log4jv1 usage - EOL and with multiple security vulnerabilities
> ----------------------------------------------------------------------
>
> Key: EMPIREDB-374
> URL: https://issues.apache.org/jira/browse/EMPIREDB-374
> Project: Empire-DB
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> [https://github.com/apache/empire-db/blob/master/pom.xml] has dependency on
> log4j 1.2.17
> Options include:
> * switching to latest log4j v2
> * switch to logback
> * switch to reload4j - a fork of log4j v1 but with security fixes
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
