'[jira] [Commented] (MYFACES-4429) replace use of log4j v1 (builder plugin)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       myfaces-dev
Subject:    [jira] [Commented] (MYFACES-4429) replace use of log4j v1 (builder plugin)
From:       "PJ Fanning (Jira)" <dev () myfaces ! apache ! org>
Date:       2022-03-02 22:32:00
Message-ID: JIRA.13431578.1646255025000.378081.1646260320206 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/MYFACES-4429?page=com.atlassian.jira.plugi \
n.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500406#comment-17500406 ] \


PJ Fanning commented on MYFACES-4429:
-------------------------------------

[~tandraschko] thanks for the quick response. I'm part of the ASF Security team and \
we are getting a pretty hard time for multiple angles about why ASF projects won't \
use secure versions of logging frameworks.

> replace use of log4j v1 (builder plugin)
> ----------------------------------------
> 
> Key: MYFACES-4429
> URL: https://issues.apache.org/jira/browse/MYFACES-4429
> Project: MyFaces Core
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
> 
> [https://repo1.maven.org/maven2/org/apache/myfaces/buildtools/myfaces-builder-plugin/1.0.11/myfaces-builder-plugin-1.0.11.pom]
>  log4jv1 is end-of-life and has multiple security issues



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic