Re: [cross-project-issues-dev] Log4j 1.x vulnerability

2022-01-26 Thread Matthias Sohn
On Wed, Jan 26, 2022 at 8:48 AM Christoph Läubrich wrote: > I think redirecting logging messages to the eclipse log would better be > done like SLF4j-osgi [1] > > What I really wonder is: Have these project really a hard > requirement/demand on using especially Log4J(1/2)? > > Why not using SLF4J

Re: [cross-project-issues-dev] Log4j 1.x vulnerability

2022-01-26 Thread Ed Willink
Hi On 26/01/2022 07:48, Christoph Läubrich wrote: Why not using SLF4J in all places and let the user choose the implementation with their favorite CVEs? Use of SLF4J has been suggested before and so I tried to be a good Eclipse citizen. My failed attempts are described in: https://bugs.ecli

[cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)

2022-01-26 Thread Wayne Beaton
From CVE-2022-23437: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser > when handling specially crafted XML document payloads. This causes the > XercesJ XML parser to wait in an infinite loop, which may sometimes consume > system resources for prolonged duration. This v

Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)

2022-01-26 Thread Nitin Dahyabhai
Wayne, I'll take it on. On Wed, Jan 26, 2022 at 5:02 PM Wayne Beaton < wayne.bea...@eclipse-foundation.org> wrote: > From CVE-2022-23437: > > There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser >> when handling specially crafted XML document payloads. This causes the >> Xe

Re: [cross-project-issues-dev] Potential vulnerability in Apache Xerces 1.12.1 (CVE-2022-23437)

2022-01-26 Thread Nitin Dahyabhai
Of course, only now do I remember how much effort Aurélien had to go through just to get the then-current version onto Maven Central. On Wed, Jan 26, 2022 at 7:10 PM Nitin Dahyabhai wrote: > Wayne, > I'll take it on. > > On Wed, Jan 26, 2022 at 5:02 PM Wayne Beaton < > wayne.bea...@eclipse-found