You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ratis.apache.org by "Tsz-wo Sze (Jira)" <ji...@apache.org> on 2021/12/23 11:37:00 UTC

[jira] [Created] (RATIS-1477) Exclude log4j JMSAppender.class in jar

Tsz-wo Sze created RATIS-1477:
---------------------------------

             Summary: Exclude log4j JMSAppender.class in jar
                 Key: RATIS-1477
                 URL: https://issues.apache.org/jira/browse/RATIS-1477
             Project: Ratis
          Issue Type: Improvement
          Components: build
            Reporter: Tsz-wo Sze
            Assignee: Tsz-wo Sze


According to https://www.slf4j.org/log4shell.html , 
{quote}
..., log4j 1.x comes with JMSAppender which will perform a JNDI lookup if enabled in log4j's configuration file, i.e. log4j.properties or log4j.xml.
{quote}
Therefore, it is better to exclude JMSAppender.class from the generated jar.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)