date:20211216

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

2021-12-16 Thread Michael Brohl


+1

Thanks,

Michael

Am 16.12.21 um 17:58 schrieb Jacques Le Roux:

Hi Jacopo,

+1, with now also Solr and Lucene

Jacques

Le 16/12/2021 à 17:13, Jacopo Cappellato a écrit :
I think it would be a good idea to prepare a new release with this 
change. WDYT?


Jacopo

On Tue, Dec 14, 2021 at 12:30 PM  wrote:

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by 
this push:

  new e83559d  Improved: Apache Log4j2 (OFBIZ-12449)
e83559d is described below

commit e83559d1516f69b127552a58c1e7fb288030abf2
Author: Jacques Le Roux 
AuthorDate: Tue Dec 14 12:28:38 2021 +0100

 Improved: Apache Log4j2 (OFBIZ-12449)

 Updates log4j2 from 2.15.0 to 2.16.0 because of
https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4

 It's not a security issue, I lazily use OFBIZ-12449 because it 
can improve

 security even if it's not necessary (dixit the announce)
---
  build.gradle | 12 ++--
  1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/build.gradle b/build.gradle
index f8efad1..b6772f9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -190,7 +190,7 @@ dependencies {
  compile 
'org.apache.geronimo.components:geronimo-transaction:3.1.4'

  compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
  compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
-    compile 'org.apache.logging.log4j:log4j-api:2.15.0' // the API 
of log4j 2
+    compile 'org.apache.logging.log4j:log4j-api:2.16.0' // the API 
of log4j 2

  compile 'org.apache.poi:poi:3.17'
  compile 'org.apache.pdfbox:pdfbox:2.0.24'
  compile 'org.apache.shiro:shiro-core:1.4.0'
@@ -231,11 +231,11 @@ dependencies {
  runtime 'org.apache.axis2:axis2-transport-local:1.7.8'
  runtime 'org.apache.derby:derby:10.14.2.0'
  runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
-    runtime 'org.apache.logging.log4j:log4j-1.2-api:2.15.0' // for 
external jars using the old log4j1.2: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-core:2.15.0' // the 
implementation of the log4j 2 API
-    runtime 'org.apache.logging.log4j:log4j-jul:2.15.0' // for 
external jars using the java.util.logging: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' // 
for external jars using slf4j: routes logging to log4j 2
-    runtime 'org.apache.logging.log4j:log4j-jcl:2.15.0' // need to 
constrain to version to avoid classpath conflict (ReflectionUtil)
+    runtime 'org.apache.logging.log4j:log4j-1.2-api:2.16.0' // for 
external jars using the old log4j1.2: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-core:2.16.0' // the 
implementation of the log4j 2 API
+    runtime 'org.apache.logging.log4j:log4j-jul:2.16.0' // for 
external jars using the java.util.logging: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' // 
for external jars using slf4j: routes logging to log4j 2
+    runtime 'org.apache.logging.log4j:log4j-jcl:2.16.0' // need to 
constrain to version to avoid classpath conflict (ReflectionUtil)
  runtime 
'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'


  // plugin libs

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

2021-12-16 Thread Jacques Le Roux


Hi Jacopo,

+1, with now also Solr and Lucene

Jacques

Le 16/12/2021 à 17:13, Jacopo Cappellato a écrit :

I think it would be a good idea to prepare a new release with this change. WDYT?

Jacopo

On Tue, Dec 14, 2021 at 12:30 PM  wrote:

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
  new e83559d  Improved: Apache Log4j2 (OFBIZ-12449)
e83559d is described below

commit e83559d1516f69b127552a58c1e7fb288030abf2
Author: Jacques Le Roux 
AuthorDate: Tue Dec 14 12:28:38 2021 +0100

 Improved: Apache Log4j2 (OFBIZ-12449)

 Updates log4j2 from 2.15.0 to 2.16.0 because of
 https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4

 It's not a security issue, I lazily use OFBIZ-12449 because it can improve
 security even if it's not necessary (dixit the announce)
---
  build.gradle | 12 ++--
  1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/build.gradle b/build.gradle
index f8efad1..b6772f9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -190,7 +190,7 @@ dependencies {
  compile 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
  compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
  compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
-compile 'org.apache.logging.log4j:log4j-api:2.15.0' // the API of log4j 2
+compile 'org.apache.logging.log4j:log4j-api:2.16.0' // the API of log4j 2
  compile 'org.apache.poi:poi:3.17'
  compile 'org.apache.pdfbox:pdfbox:2.0.24'
  compile 'org.apache.shiro:shiro-core:1.4.0'
@@ -231,11 +231,11 @@ dependencies {
  runtime 'org.apache.axis2:axis2-transport-local:1.7.8'
  runtime 'org.apache.derby:derby:10.14.2.0'
  runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
-runtime 'org.apache.logging.log4j:log4j-1.2-api:2.15.0' // for external 
jars using the old log4j1.2: routes logging to log4j 2
-runtime 'org.apache.logging.log4j:log4j-core:2.15.0' // the implementation 
of the log4j 2 API
-runtime 'org.apache.logging.log4j:log4j-jul:2.15.0' // for external jars 
using the java.util.logging: routes logging to log4j 2
-runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' // for external 
jars using slf4j: routes logging to log4j 2
-runtime 'org.apache.logging.log4j:log4j-jcl:2.15.0' // need to constrain 
to version to avoid classpath conflict (ReflectionUtil)
+runtime 'org.apache.logging.log4j:log4j-1.2-api:2.16.0' // for external 
jars using the old log4j1.2: routes logging to log4j 2
+runtime 'org.apache.logging.log4j:log4j-core:2.16.0' // the implementation 
of the log4j 2 API
+runtime 'org.apache.logging.log4j:log4j-jul:2.16.0' // for external jars 
using the java.util.logging: routes logging to log4j 2
+runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' // for external 
jars using slf4j: routes logging to log4j 2
+runtime 'org.apache.logging.log4j:log4j-jcl:2.16.0' // need to constrain 
to version to avoid classpath conflict (ReflectionUtil)
  runtime 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'

  // plugin libs

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

2021-12-16 Thread Jacopo Cappellato

I think it would be a good idea to prepare a new release with this change. WDYT?

Jacopo

On Tue, Dec 14, 2021 at 12:30 PM  wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch release18.12
> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
>
>
> The following commit(s) were added to refs/heads/release18.12 by this push:
>  new e83559d  Improved: Apache Log4j2 (OFBIZ-12449)
> e83559d is described below
>
> commit e83559d1516f69b127552a58c1e7fb288030abf2
> Author: Jacques Le Roux 
> AuthorDate: Tue Dec 14 12:28:38 2021 +0100
>
> Improved: Apache Log4j2 (OFBIZ-12449)
>
> Updates log4j2 from 2.15.0 to 2.16.0 because of
> https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
>
> It's not a security issue, I lazily use OFBIZ-12449 because it can improve
> security even if it's not necessary (dixit the announce)
> ---
>  build.gradle | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/build.gradle b/build.gradle
> index f8efad1..b6772f9 100644
> --- a/build.gradle
> +++ b/build.gradle
> @@ -190,7 +190,7 @@ dependencies {
>  compile 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
>  compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
>  compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
> -compile 'org.apache.logging.log4j:log4j-api:2.15.0' // the API of log4j 2
> +compile 'org.apache.logging.log4j:log4j-api:2.16.0' // the API of log4j 2
>  compile 'org.apache.poi:poi:3.17'
>  compile 'org.apache.pdfbox:pdfbox:2.0.24'
>  compile 'org.apache.shiro:shiro-core:1.4.0'
> @@ -231,11 +231,11 @@ dependencies {
>  runtime 'org.apache.axis2:axis2-transport-local:1.7.8'
>  runtime 'org.apache.derby:derby:10.14.2.0'
>  runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
> -runtime 'org.apache.logging.log4j:log4j-1.2-api:2.15.0' // for external 
> jars using the old log4j1.2: routes logging to log4j 2
> -runtime 'org.apache.logging.log4j:log4j-core:2.15.0' // the 
> implementation of the log4j 2 API
> -runtime 'org.apache.logging.log4j:log4j-jul:2.15.0' // for external jars 
> using the java.util.logging: routes logging to log4j 2
> -runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' // for 
> external jars using slf4j: routes logging to log4j 2
> -runtime 'org.apache.logging.log4j:log4j-jcl:2.15.0' // need to constrain 
> to version to avoid classpath conflict (ReflectionUtil)
> +runtime 'org.apache.logging.log4j:log4j-1.2-api:2.16.0' // for external 
> jars using the old log4j1.2: routes logging to log4j 2
> +runtime 'org.apache.logging.log4j:log4j-core:2.16.0' // the 
> implementation of the log4j 2 API
> +runtime 'org.apache.logging.log4j:log4j-jul:2.16.0' // for external jars 
> using the java.util.logging: routes logging to log4j 2
> +runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.16.0' // for 
> external jars using slf4j: routes logging to log4j 2
> +runtime 'org.apache.logging.log4j:log4j-jcl:2.16.0' // need to constrain 
> to version to avoid classpath conflict (ReflectionUtil)
>  runtime 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'
>
>  // plugin libs

Re: lib/README file and .DS_Store in .gitignore

2021-12-16 Thread Jacques Le Roux


Thanks Pierre,

Removed

Le 16/12/2021 à 12:37, Pierre Smits a écrit :

Hi Jacques,

IMO, 'applications/content/index/' can be removed from .gitignore, as
indexes should be under the 'runtime' folder. And, AFAICT, this
'applications/content/index/' isn't in use in current setup.

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*


On Thu, Dec 16, 2021 at 11:18 AM Michael Brohl 
wrote:


Thanks Jacques!

Michael

Am 16.12.21 um 08:11 schrieb Jacques Le Roux:

Thanks Michael,

I add a doubt, fixed

Jacques

Le 15/12/2021 à 20:43, Michael Brohl a écrit :

Hi Jacques,

thanks for bringing this up.

The lib dir is a mechanism which allows users to use and load
external libs which can not (or should not) be loaded from external
repositories through the Gradle mechanism. It is used in build.gradle
at the end of the dependencies section.

We do not use this library path but others may be using it. It's a
feature to extend OFBiz, does no harm and might be useful in some cases.

I would propose to keep it and change the README inside the folder to
point to Maven Central instead of jCenter.

Yes, .DS_Store is Mac related (https://file.org/extension/ds_store)
and should stay in .gitignore.

Thanks

Michael

ecomify GmbH - www.ecomify.de

Am 15.12.21 um 17:36 schrieb Jacques Le Roux:

Hi All,

The lib/README file contains deprecated information, like using
jcenter. I propose to get rid of the whole lib dir, except if I miss
something (I know .DS_Store is Apple-Mac related)?

Jacques

Re: lib/README file and .DS_Store in .gitignore

2021-12-16 Thread Pierre Smits

Hi Jacques,

IMO, 'applications/content/index/' can be removed from .gitignore, as
indexes should be under the 'runtime' folder. And, AFAICT, this
'applications/content/index/' isn't in use in current setup.

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*


On Thu, Dec 16, 2021 at 11:18 AM Michael Brohl 
wrote:

> Thanks Jacques!
>
> Michael
>
> Am 16.12.21 um 08:11 schrieb Jacques Le Roux:
> > Thanks Michael,
> >
> > I add a doubt, fixed
> >
> > Jacques
> >
> > Le 15/12/2021 à 20:43, Michael Brohl a écrit :
> >> Hi Jacques,
> >>
> >> thanks for bringing this up.
> >>
> >> The lib dir is a mechanism which allows users to use and load
> >> external libs which can not (or should not) be loaded from external
> >> repositories through the Gradle mechanism. It is used in build.gradle
> >> at the end of the dependencies section.
> >>
> >> We do not use this library path but others may be using it. It's a
> >> feature to extend OFBiz, does no harm and might be useful in some cases.
> >>
> >> I would propose to keep it and change the README inside the folder to
> >> point to Maven Central instead of jCenter.
> >>
> >> Yes, .DS_Store is Mac related (https://file.org/extension/ds_store)
> >> and should stay in .gitignore.
> >>
> >> Thanks
> >>
> >> Michael
> >>
> >> ecomify GmbH - www.ecomify.de
> >>
> >> Am 15.12.21 um 17:36 schrieb Jacques Le Roux:
> >>> Hi All,
> >>>
> >>> The lib/README file contains deprecated information, like using
> >>> jcenter. I propose to get rid of the whole lib dir, except if I miss
> >>> something (I know .DS_Store is Apple-Mac related)?
> >>>
> >>> Jacques
> >>>
>

Re: lib/README file and .DS_Store in .gitignore

2021-12-16 Thread Michael Brohl


Thanks Jacques!

Michael

Am 16.12.21 um 08:11 schrieb Jacques Le Roux:

Thanks Michael,

I add a doubt, fixed

Jacques

Le 15/12/2021 à 20:43, Michael Brohl a écrit :

Hi Jacques,

thanks for bringing this up.

The lib dir is a mechanism which allows users to use and load 
external libs which can not (or should not) be loaded from external 
repositories through the Gradle mechanism. It is used in build.gradle 
at the end of the dependencies section.


We do not use this library path but others may be using it. It's a 
feature to extend OFBiz, does no harm and might be useful in some cases.


I would propose to keep it and change the README inside the folder to 
point to Maven Central instead of jCenter.


Yes, .DS_Store is Mac related (https://file.org/extension/ds_store) 
and should stay in .gitignore.


Thanks

Michael

ecomify GmbH - www.ecomify.de

Am 15.12.21 um 17:36 schrieb Jacques Le Roux:

Hi All,

The lib/README file contains deprecated information, like using 
jcenter. I propose to get rid of the whole lib dir, except if I miss 
something (I know .DS_Store is Apple-Mac related)?


Jacques

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

Re: [ofbiz-framework] branch release18.12 updated: Improved: Apache Log4j2 (OFBIZ-12449)

Re: lib/README file and .DS_Store in .gitignore

Re: lib/README file and .DS_Store in .gitignore

Re: lib/README file and .DS_Store in .gitignore

6 matches

Site Navigation

Mail list logo

Footer information