You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ratis.apache.org by "Tsz-wo Sze (Jira)" <ji...@apache.org> on 2021/12/23 11:37:00 UTC
[jira] [Created] (RATIS-1477) Exclude log4j JMSAppender.class in jar
Tsz-wo Sze created RATIS-1477:
---------------------------------
Summary: Exclude log4j JMSAppender.class in jar
Key: RATIS-1477
URL: https://issues.apache.org/jira/browse/RATIS-1477
Project: Ratis
Issue Type: Improvement
Components: build
Reporter: Tsz-wo Sze
Assignee: Tsz-wo Sze
According to https://www.slf4j.org/log4shell.html ,
{quote}
..., log4j 1.x comes with JMSAppender which will perform a JNDI lookup if enabled in log4j's configuration file, i.e. log4j.properties or log4j.xml.
{quote}
Therefore, it is better to exclude JMSAppender.class from the generated jar.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)