[jira] [Commented] (CONFIGURATION-815) Package depends on log4j 1.2.17

Rob Spoor (Jira) Thu, 14 Jul 2022 04:25:10 -0700


    [ 
https://issues.apache.org/jira/browse/CONFIGURATION-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17566801#comment-17566801
 ]


Rob Spoor commented on CONFIGURATION-815:
-----------------------------------------

Why not switch to reload4j? It's a drop-in replacement for Log4J 1.x with most 
(if not all) of the vulnerabilities fixed.

> Package depends on log4j 1.2.17
> -------------------------------
>
>                 Key: CONFIGURATION-815
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-815
>             Project: Commons Configuration
>          Issue Type: Task
>            Reporter: Henri Yandell
>            Priority: Major
>
> Commons Configuration has a test dependency on log4j 1.2.17. As log4j 1.x is 
> EOL; it feels like that should be updated/replaced.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CONFIGURATION-815) Package depends on log4j 1.2.17

Reply via email to