TINKERPOP-2534 Switched test/distribution logging to logback #1444
Merged
spmallette merged 1 commit into master on Jun 22, 2021
https://issues.apache.org/jira/browse/TINKERPOP-2534
There is a CVE with log4j 1.2 which EOL'd 5 years ago. We haven't really focused on changing this earlier because log4j is an optional dependency and can be swapped out by the user to their preferred logging provider given that we use slf4j. That said, it's better that we simply not include it in our distributions and docker packaging would work better out of the box without the CVE-struck log4j in the mix. logback is dual licensed, but given that one of those licenses is under EPL we can make use of it - see https://issues.apache.org/jira/browse/LEGAL-63 for further details if needed.
All tests pass with docker/build.sh -t -n -i. Logging tested for server/console distributions and their respective docker containers. Test logging seems correct as well since Travis passed.

VOTE +1
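A check a packager could run over an unpacked distribution to confirm that no log4j 1.x jar, or the slf4j binding that routes to it, is still bundled. This is an added example, not part of the pull request or the TinkerPop build; the flagged Maven coordinates, the file-name pattern and the sample jar names are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: these Maven coordinates mean "log4j 1.x is bundled" (artifact + slf4j binding).
FLAGGED_COORDS = {("log4j", "log4j"), ("org.slf4j", "slf4j-log4j12")}
# File-name fallback for jars that carry no embedded Maven metadata.
FLAGGED_NAME = re.compile(r"^(log4j-1(\.\d+)+\.jar$|slf4j-log4j12-)")
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def embedded_coords(jar_path):
    """Return the (groupId, artifactId) pairs recorded under META-INF/maven."""
    with zipfile.ZipFile(jar_path) as jar:
        matches = (POM_PROPS.match(name) for name in jar.namelist())
        return {m.groups() for m in matches if m}


def find_log4j1(lib_dir):
    """Scan every *.jar below lib_dir and return (jar name, reason) findings."""
    findings = []
    for jar_path in sorted(Path(lib_dir).rglob("*.jar")):
        try:
            hits = embedded_coords(jar_path) & FLAGGED_COORDS
        except zipfile.BadZipFile:
            findings.append((jar_path.name, "unreadable jar, inspect manually"))
            continue
        for group, artifact in sorted(hits):
            findings.append((jar_path.name, f"contains {group}:{artifact}"))
        if not hits and FLAGGED_NAME.match(jar_path.name):
            findings.append((jar_path.name, "file name matches log4j 1.x"))
    return findings


def demo():
    """Scan a constructed lib directory (sample jars, not a real distribution)."""
    meta = "META-INF/maven/{}/{}/pom.properties"
    sample = {
        "logback-classic-1.2.3.jar": meta.format("ch.qos.logback", "logback-classic"),
        "logging.jar": meta.format("log4j", "log4j"),  # renamed log4j 1.x jar
        "slf4j-log4j12-1.7.25.jar": meta.format("org.slf4j", "slf4j-log4j12"),
        "log4j-1.2.17.jar": "org/apache/log4j/Logger.class",  # no Maven metadata
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, entry in sample.items():
            with zipfile.ZipFile(Path(tmp, name), "w") as jar:
                jar.writestr(entry, "")
        return find_log4j1(tmp)
```

An empty result from `find_log4j1` on the distribution's library directory means neither coordinate nor file name was found; a shaded or repackaged copy without Maven metadata would not be caught by this heuristic.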