Carsten Ziegeler created SLING-13093:
----------------------------------------
Summary: Sling XSS should not depend on log4j 1.x
Key: SLING-13093
URL: https://issues.apache.org/jira/browse/SLING-13093
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Affects Versions: XSS Protection API 2.4.8
Reporter: Carsten Ziegeler
Some component currently requires org.apache.log4j, at least this is in the
package imports.
As log4j 1.x is out of life since over ten years
(https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html), this
dependency needs to be removed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
