Posted to dev@tinkerpop.apache.org by "Stephen Mallette (Jira)" <ji...@apache.org> on 2022/03/07 21:29:00 UTC
[jira] [Commented] (TINKERPOP-2715) remove log4jv1 dependency
[ https://issues.apache.org/jira/browse/TINKERPOP-2715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17502558#comment-17502558 ]
Stephen Mallette commented on TINKERPOP-2715:
---------------------------------------------
You referenced gremlin-driver specifically, where log4j is an optional dependency. Any reason you don't just utilize whatever slf4j-compatible logging framework you would like?
> remove log4jv1 dependency
> -------------------------
>
> Key: TINKERPOP-2715
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2715
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.5.2
> Reporter: PJ Fanning
> Priority: Major
>
> Can this be reconsidered? Log4jv1 has even more open CVEs now.
> [https://repo1.maven.org/maven2/org/apache/tinkerpop/gremlin-driver/3.5.2/gremlin-driver-3.5.2.pom]
> https://issues.apache.org/jira/browse/TINKERPOP-1983
--
This message was sent by Atlassian Jira
(v8.20.1#820001)