upd: migrate log4j to log4j2 to fix vulnerability on log4j 1 #352
Conversation
jcharlet
force-pushed
the
upgrade_log4j
branch
3 times, most recently
from
8d79204
to
c7e8788
Compare
|
Hi all, if someone could review that PR, that would fix the vulnerability issue we have on all other builds, and help me move on. Thanks! |
|
Hi @jcharlet there seems to be a huge amount of changes in this due to reformatting or something. Unfortunately for many but not all files in this PR that makes it impossible to pick out the intentional changes. If its not a huge amount of work, is it possible to get a PR where only the necessary code changes are made? or the reformatting changes are isolated in their own commit separately to the desired logging changes. |
Hi @adamretter , sure thanks, will do |
(with log4j files not renamed to ease review)
jcharlet
force-pushed
the
upgrade_log4j
branch
from
c7e8788
to
ccd5a6c
Compare
|
argh @adamretter there was no reformatting issue, it's because I removed log4j.properties files and created log4j2.properties files. And as it considers them as different files, it doesn't try to show the diff between them. I updated the commits, so that I initially commit properties files with renaming them. A bit easier to compare in intellij though.. Could that be satisfying? I agree it's a large change, all properties files were updated, and syntax changed from log4j 1 to log4j2.. |
|
@adamretter I'll save you some time, we have a new developer Saurab who's available to review the PR :), will see that with him! |
jcharlet
requested review from
sparkhi
and removed request for
adamretter and
ian-hoyle
|
The email id in the source header should be corrected. It is not strictly part of this issue, so it should be addressed on its own with corrections in all places where it appears in the codebase, also look to see if it forces a copyright year update |
update dependencies and configuration for logging to log4j2
to fix new vulnerability on log4j 1 which is preventing builds to succeed on CI.