You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Stephen Mallette (Jira)" <ji...@apache.org> on 2022/03/07 21:29:00 UTC

[jira] [Commented] (TINKERPOP-2715) remove log4jv1 dependency

    [ https://issues.apache.org/jira/browse/TINKERPOP-2715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17502558#comment-17502558 ] 

Stephen Mallette commented on TINKERPOP-2715:
---------------------------------------------

you referenced gremlin-driver specifically, where log4j is an optional dependency. any reason you don't just utilize whatever slf4j compatible logging framework you would like? 

> remove log4jv1 dependency
> -------------------------
>
>                 Key: TINKERPOP-2715
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2715
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.5.2
>            Reporter: PJ Fanning
>            Priority: Major
>
> Can this be reconsidered? Log4jv1 has even more open CVEs now.
> [https://repo1.maven.org/maven2/org/apache/tinkerpop/gremlin-driver/3.5.2/gremlin-driver-3.5.2.pom]
> https://issues.apache.org/jira/browse/TINKERPOP-1983



--
This message was sent by Atlassian Jira
(v8.20.1#820001)