[prev in list] [next in list] [prev in thread] [next in thread]
List: myfaces-dev
Subject: [jira] [Commented] (MYFACES-4429) replace use of log4j v1 (builder plugin)
From: "PJ Fanning (Jira)" <dev () myfaces ! apache ! org>
Date: 2022-03-02 22:32:00
Message-ID: JIRA.13431578.1646255025000.378081.1646260320206 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/MYFACES-4429?page=com.atlassian.jira.plugi \
n.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500406#comment-17500406 ] \
PJ Fanning commented on MYFACES-4429:
-------------------------------------
[~tandraschko] thanks for the quick response. I'm part of the ASF Security team and \
we are getting a pretty hard time for multiple angles about why ASF projects won't \
use secure versions of logging frameworks.
> replace use of log4j v1 (builder plugin)
> ----------------------------------------
>
> Key: MYFACES-4429
> URL: https://issues.apache.org/jira/browse/MYFACES-4429
> Project: MyFaces Core
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> [https://repo1.maven.org/maven2/org/apache/myfaces/buildtools/myfaces-builder-plugin/1.0.11/myfaces-builder-plugin-1.0.11.pom]
> log4jv1 is end-of-life and has multiple security issues
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic