Hi, I successfully merged Henriques PR into our Wonder-fork and we are using log4j2 now for our current projects.
But in order to get rid of the log4j1.jar, we had to move form ant to maven build. And kick out the JavaXML.framework. I'll like to support Henrique in finalising this PR, but unfortunately, I got no reply from him :-( Regards, René Am 26.01.2023 um 19:11 schrieb Ricardo Parada via Webobjects-dev <webobjects-dev@lists.apple.com<mailto:webobjects-dev@lists.apple.com>>: Hi Henrique, It is true that Wonder uses mostly the Apache commons logging library, e.g. org.apache.commons.logging and a little bit of the log4j 1 library, e.g. org.apache.log4j. That is what I concluded b searching *.jar and *.java files in Wonder. And you mention it in your list of open issues on your pull request, e.g. open issue # 2.8 I do not see Wonder using log4j 2, e.g. org.apache.logging.log4j. So I think technically, it is not affected by vulnerabilities CVE-2021-44228 and CVE-2021-45046 which I’ve been asked to address in our code base. I am interested in your pull request [1]. I took a look at it and I see you have a couple issues left to resolve. For instance, updating five classes that currently extend log4j1 classes. Any progress on that? Do you see this being merged to Wonder anytime soon? Will you wait until the 3 open issues have all been resolved? Is anybody else using it and/or helping you? I’m thinking of applying your pull request to our version of Wonder to see how well it works with our code base. Using slf4j in Wonder and letting the developer choose the actual logging library seems like a winning strategy to me. Thank you, Ricardo Parada [1] https://github.com/wocommunity/wonder/pull/977 On Mar 2, 2022, at 6:55 PM, Henrique Prange via Webobjects-dev <webobjects-dev@lists.apple.com<mailto:webobjects-dev@lists.apple.com>> wrote: Hey guys! I'm replacing the log4j dependency with slf4j in Wonder, as promised. I've created a draft pull request [1] on GitHub so more people can comment, test, and assist me with this change. Please, take a look at it if you have time. Your comments are always welcome. Cheers, HP [1]https://github.com/wocommunity/wonder/pull/977 _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com<mailto:Webobjects-dev@lists.apple.com>) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/rparada%40mac.com This email sent to rpar...@mac.com<mailto:rpar...@mac.com> _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com<mailto:Webobjects-dev@lists.apple.com>) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/bock%40salient-doremus.de This email sent to b...@salient-doremus.de
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com