On 19.12.21 at 12:32, Gilad Denneboom wrote:
That's good to know, but when I generate a jar file with only PDFBox
(v2.0.25) as a dependent library, I can still see a Log4J class in it,
under org\apache\commons\logging\impl\.
Is it not used? If so, can that dependency be removed? If it is used, what
version is it, please?
That's a log4j-wrapper from commons-io which has an optional dependency on log4j
1.2.17; see https://issues.apache.org/jira/browse/PDFBOX-5346 for further details.
Andreas
On Thu, Dec 16, 2021 at 11:03 AM Tilman Hausherr <thaush...@t-online.de>
wrote:
No
Tilman
On 16.12.2021 at 09:43, Thomas Möller wrote:
Hello,
is the use of the prebuilt pdfbox.jar in any manner affected by the
log4j security problems?
Best Regards, Thomas M.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
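An added example, not part of the thread or of PDFBox: a Python check that reports which log4j-related classes a jar really contains, separating the commons-logging `Log4JLogger` adapter discussed above from bundled log4j 1.x or log4j 2 core classes, including jars nested inside the archive. The package paths are the standard ones for those libraries; the function names and the in-memory sample jars are constructed for illustration.

```python
import io
import zipfile

ADAPTER = "org/apache/commons/logging/impl/Log4JLogger.class"
RULES = [  # (path fragment, finding label), most specific first
    ("org/apache/logging/log4j/core/lookup/JndiLookup.class", "log4j2-core JndiLookup"),
    ("org/apache/logging/log4j/core/", "log4j2-core"),
    ("org/apache/log4j/", "log4j 1.x classes"),
    (ADAPTER, "commons-logging Log4JLogger adapter"),
]

def scan_jar(data, name, max_depth=4):
    """Return a sorted list of (archive, finding) pairs for log4j-related classes."""
    found = set()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # nested entry named *.jar that is not a readable archive
    with zf:
        for entry in zf.namelist():
            path = entry.replace("\\", "/")
            if path.lower().endswith((".jar", ".war", ".ear")) and max_depth > 0:
                found.update(scan_jar(zf.read(entry), f"{name}!/{path}", max_depth - 1))
                continue
            for fragment, label in RULES:
                # substring match so BOOT-INF/classes/ and relocated (shaded) paths still hit
                if fragment in path and path.endswith(".class"):
                    found.add((name, label))
                    break
    return sorted(found)

def make_jar(entries):
    """Build an in-memory jar from {path: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()

def constructed_samples():
    """Constructed inputs: a fat jar with only the adapter, and one nesting log4j-core."""
    adapter_only = make_jar({ADAPTER: b"", "org/apache/pdfbox/pdmodel/PDDocument.class": b""})
    core = make_jar({"org/apache/logging/log4j/core/lookup/JndiLookup.class": b"",
                     "org/apache/logging/log4j/core/Logger.class": b""})
    return adapter_only, make_jar({ADAPTER: b"", "lib/log4j-core.jar": core})

if __name__ == "__main__":
    for label, blob in zip(("adapter-only.jar", "bundled.jar"), constructed_samples()):
        print(label, scan_jar(blob, label))
```

A jar that reports only the adapter finding carries the commons-logging wrapper class and no log4j code of its own.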