You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Andreas Veithen (JIRA)" <ji...@apache.org> on 2017/07/01 14:13:00 UTC

[jira] [Commented] (AXIS2-5857) Log4j 1.x has reached EOL

    [ https://issues.apache.org/jira/browse/AXIS2-5857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16071258#comment-16071258 ] 

Andreas Veithen commented on AXIS2-5857:
----------------------------------------

Axis2 uses Commons Logging, so you can replace log4j 1.x by whatever logging implementation you want. I think the only piece of code that directly depends on log4j is a library called Jalopy which is used by the code generators (i.e. in a context that is not security sensitive).

>  Log4j 1.x has reached EOL
> --------------------------
>
>                 Key: AXIS2-5857
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5857
>             Project: Axis2
>          Issue Type: Improvement
>    Affects Versions: 1.7.5
>            Reporter: spoorti
>
> The log4j 1.x has reached EOL. Even the latest release version of Axis2 contains the 1.x version of the log4j.
> It need to be upgraded to 2.8.2 or higher since the other 2.x versions has vulnerability reported.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org