Hi Henrique, It is true that Wonder uses mostly the Apache commons logging library, e.g. org.apache.commons.logging and a little bit of the log4j 1 library, e.g. org.apache.log4j. That is what I concluded b searching *.jar and *.java files in Wonder.
And you mention it in your list of open issues on your pull request, e.g. open issue # 2.8 I do not see Wonder using log4j 2, e.g. org.apache.logging.log4j. So I think technically, it is not affected by vulnerabilities CVE-2021-44228 and CVE-2021-45046 which I’ve been asked to address in our code base. I am interested in your pull request [1]. I took a look at it and I see you have a couple issues left to resolve. For instance, updating five classes that currently extend log4j1 classes. Any progress on that? Do you see this being merged to Wonder anytime soon? Will you wait until the 3 open issues have all been resolved? Is anybody else using it and/or helping you? I’m thinking of applying your pull request to our version of Wonder to see how well it works with our code base. Using slf4j in Wonder and letting the developer choose the actual logging library seems like a winning strategy to me. Thank you, Ricardo Parada [1] https://github.com/wocommunity/wonder/pull/977 <https://github.com/wocommunity/wonder/pull/977> > On Mar 2, 2022, at 6:55 PM, Henrique Prange via Webobjects-dev > <webobjects-dev@lists.apple.com> wrote: > > Hey guys! > > I'm replacing the log4j dependency with slf4j in Wonder, as promised. I've > created a draft pull request [1] on GitHub so more people can comment, test, > and assist me with this change. Please, take a look at it if you have time. > Your comments are always welcome. > > Cheers, > > HP > > [1]https://github.com/wocommunity/wonder/pull/977 > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/rparada%40mac.com > > This email sent to rpar...@mac.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
