You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by GitBox <gi...@apache.org> on 2021/12/27 19:14:44 UTC
[GitHub] [wicket] SampathKumarAmex opened a new pull request #490: Log4j upgrade to remove vulnerabilities
SampathKumarAmex opened a new pull request #490:
URL: https://github.com/apache/wicket/pull/490
Upgraded `Log4j` to latest version to fix vulnerability (security) issues.
https://logging.apache.org/log4j/2.x/security.html
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@wicket.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [wicket] martin-g commented on pull request #490: Log4j upgrade to remove vulnerabilities in 1.x versions
Posted by GitBox <gi...@apache.org>.
martin-g commented on pull request #490:
URL: https://github.com/apache/wicket/pull/490#issuecomment-1002975324
Thanks for bringing this topic, @SampathKumarAmex !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@wicket.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [wicket] martin-g closed pull request #490: Log4j upgrade to remove vulnerabilities in 1.x versions
Posted by GitBox <gi...@apache.org>.
martin-g closed pull request #490:
URL: https://github.com/apache/wicket/pull/490
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@wicket.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [wicket] martin-g commented on a change in pull request #490: Log4j upgrade to remove vulnerabilities in 1.x versions
Posted by GitBox <gi...@apache.org>.
martin-g commented on a change in pull request #490:
URL: https://github.com/apache/wicket/pull/490#discussion_r776195001
##########
File path: pom.xml
##########
@@ -478,6 +483,12 @@
<artifactId>wicket-http2-undertow</artifactId>
<version>0.25-SNAPSHOT</version>
<type>jar</type>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
Review comment:
This exclusion does not look good!
An application using this library may start failing with ClassNotFoundException now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@wicket.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [wicket] martin-g commented on pull request #490: Log4j upgrade to remove vulnerabilities in 1.x versions
Posted by GitBox <gi...@apache.org>.
martin-g commented on pull request #490:
URL: https://github.com/apache/wicket/pull/490#issuecomment-1002975194
I've replaced log4j 1.x with slf4j-simple with https://github.com/apache/wicket/commit/d365e04af2076f41a04fb3ca624517f2c83d75c8
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@wicket.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org