[
https://issues.apache.org/jira/browse/AXIS2-5857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489095#comment-17489095
]
Robert Lazarski commented on AXIS2-5857:
----------------------------------------
Log4j 1.x is not distributed in the axis2 binary releases - it is merely a test
dependency of the JMS module code that hasn't been updated much in a very long
time.
I have my doubts if anyone is using JMS with Axis2 at all anymore.
The problem is this test code depends on an ancient release of another Apache
project qpid. Our test classes depend on code that no longer exists in qpid. So
it has to be re-written.
I'm going to give it a shot. It's possible we will remove the problem code
though that is a last resort.
> Log4j 1.x has reached EOL
> --------------------------
>
> Key: AXIS2-5857
> URL: https://issues.apache.org/jira/browse/AXIS2-5857
> Project: Axis2
> Issue Type: Improvement
> Affects Versions: 1.7.5
> Reporter: spoorti
> Priority: Minor
>
> The log4j 1.x has reached EOL. Even the latest release version of Axis2
> contains the 1.x version of the log4j.
> It need to be upgraded to 2.8.2 or higher since the other 2.x versions has
> vulnerability reported.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
