• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Replacing log4j with slf4j in Wonder
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Replacing log4j with slf4j in Wonder

  • Subject: Re: Replacing log4j with slf4j in Wonder
  • From: Ricardo Parada via Webobjects-dev <email@hidden>
  • Date: Thu, 26 Jan 2023 13:11:58 -0500
Hi Henrique,

It is true that Wonder uses mostly the Apache commons logging library, e.g.
org.apache.commons.logging and a little bit of the log4j 1 library, e.g.
org.apache.log4j.  That is what I concluded b searching *.jar and *.java files
in Wonder.

And you mention it in your list of open issues on your pull request, e.g. open
issue # 2.8

I do not see Wonder using log4j 2, e.g. org.apache.logging.log4j. So I think
technically, it is not affected by vulnerabilities CVE-2021-44228 and
CVE-2021-45046 which I’ve been asked to address in our code base.

I am interested in your pull request [1].  I took a look at it and I see you
have a couple issues left to resolve. For instance, updating five classes that
currently extend log4j1 classes. Any progress on that?

Do you see this being merged to Wonder anytime soon?
Will you wait until the 3 open issues have all been resolved?
Is anybody else using it and/or helping you?

I’m thinking of applying your pull request to our version of Wonder to see how
well it works with our code base.

Using slf4j in Wonder and letting the developer choose the actual logging
library seems like a winning strategy to me.

Thank you,
Ricardo Parada

[1] https://github.com/wocommunity/wonder/pull/977
<https://github.com/wocommunity/wonder/pull/977>


> On Mar 2, 2022, at 6:55 PM, Henrique Prange via Webobjects-dev
> <email@hidden> wrote:
>
> Hey guys!
>
> I'm replacing the log4j dependency with slf4j in Wonder, as promised. I've
> created a draft pull request [1] on GitHub so more people can comment, test,
> and assist me with this change. Please, take a look at it if you have time.
> Your comments are always welcome.
>
> Cheers,
>
> HP
>
> [1]https://github.com/wocommunity/wonder/pull/977
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Replacing log4j with slf4j in Wonder
      • From: René Bock via Webobjects-dev <email@hidden>
  • Next by Date: Re: Replacing log4j with slf4j in Wonder
  • Next by thread: Re: Replacing log4j with slf4j in Wonder
  • Index(es):
    • Date
    • Thread