jbertram commented on a change in pull request #662:
URL: https://github.com/apache/activemq/pull/662#discussion_r781697904
##########
File path: pom.xml
##########
@@ -82,7 +80,8 @@
<junit-version>4.13.2</junit-version>
<hamcrest-version>1.3</hamcrest-version>
<karaf-version>4.2.10</karaf-version>
- <log4j-version>1.2.17</log4j-version>
+ <slf4j-version>1.7.30</slf4j-version>
+ <log4j-version>2.14.1</log4j-version>
Review comment:
@tallpsmith, do you want 5.17.0 to use the latest Log4j 2.x so you can
use it in a FedRAMP environment and you haven't been able to so far? If you
wanted to use ActiveMQ in such an environment you could have been using
ActiveMQ Artemis for the last few years - at least as far as Log4j is concerned.
In any event, any vendor/supplier who uses an open source project (e.g.
ActiveMQ) is in a _great_ position whether that project uses Log4j 1.x or not
due to the simple fact that they can get involved in that project and implement
the changes they need along with the rest of the community. The Jira to upgrade
ActiveMQ "Classic" to Log4j 2.x has been open for almost 2 years now. _Anybody_
could have jumped in, implemented the necessary changes, and sent a PR.
I'm not sure what you mean by "supported distribution." You can find details
about support on the [ActiveMQ website](https://activemq.apache.org/support).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
