Re: Sprint-boot 1.5.x with maven is affected por log4j vulnerability?

2022-03-29 Thread Gary Gregory
Note that this email list does not allow attachments. Gary On Tue, Mar 29, 2022, 16:47 Juan Jose Silupu Maza < juanjose.silupum...@nttdata.com> wrote: > Sent from Mail > for Windows > *From: *Juan Jose Silupu Maza > *Sent: *

Re: Log4j 1.2.x Customer Appender not used as "Plugin" by Log4j 1.2 Bridge

2022-03-29 Thread Ralph Goers
Comments below. > On Mar 29, 2022, at 3:01 PM, Pablo Rogina wrote: > > Ralph, thank you for your reply. > >> To be usable in your configuration a Log4j 1.2 Appender cannot be a Log4j2 >> plugin. > Ok. It is not, as my CustomAppender extends RollingFileAppender (from > Log4j v 1.2.x) > >> You

Re: Log4j 1.2.x Customer Appender not used as "Plugin" by Log4j 1.2 Bridge

2022-03-29 Thread Pablo Rogina
Ralph, thank you for your reply. > To be usable in your configuration a Log4j 1.2 Appender cannot be a Log4j2 > plugin. Ok. It is not, as my CustomAppender extends RollingFileAppender (from Log4j v 1.2.x) > You would configure it exactly as you do in log4j 1.x, via its class name. Ok. I think it

Sprint-boot 1.5.x with maven is affected por log4j vulnerability?

2022-03-29 Thread Juan Jose Silupú Maza
I have a maven project with spring-boot 1.5.21.RELEASE. Run the command: mvn dependency:tree | grep log4j [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compi

RV: Sprint-boot 1.5.x with maven is affected por log4j vulnerability?

2022-03-29 Thread Juan Jose Silupu Maza
Sent from Mail for Windows From: Juan Jose Silupu Maza Sent: Tuesday, March 29, 2022 11:59 To: log4j-user-subscr...@logging.apache.org As

Re: Log4j 1.2.x Customer Appender not used as "Plugin" by Log4j 1.2 Bridge

2022-03-29 Thread Ralph Goers
To be usable in your configuration a Log4j 1.2 Appender cannot be a Log4j2 plugin. You would configure it exactly as you do in log4j 1.x, via its class name. That said, do you really need your custom RollingFileAppender? The RollingFileAppender in Log4j 2 has many more options than Log4j 1 did.

Log4j 1.2.x Customer Appender not used as "Plugin" by Log4j 1.2 Bridge

2022-03-29 Thread Pablo Rogina
Hi, I have an old application using Log4j 1.2.x and we're using Log4j 1.2 Bridge from Log4j 2.17.2 to mitigate some vulnerabilities while minimizing source code changes. The application uses Log4j v1 properties file for configuration. We developed a custom appender by extending RollingFileAppende