Hi, to prevent duplicate work: I'm preparing a patch to get log4j out.
Greetings Matthias Am Donnerstag, dem 23.03.2023 um 09:53 -0400 schrieb William Shackleford: > Netbeans appears to include log4j even the most recent version. > > in > > netbeans/ide/modules/ext/log4j-1.2.15.jar > > Our IT security group has flagged it and requires that it be removed even > though as it is version 1 it is not vulnerable to the most famous issue as > apparently there were other issues and it is no longer supported. > > What are the consequences of removing it? > > How would I go about committing or just suggestion a change to have it > removed from future versions to avoid triggering our security team from > telling everyone to delete it and maybe all of netbeans with it? --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
