GKL should ideally use commons-logging or similar instead of log4j #165

Closed
tfenne opened this issue Dec 15, 2021 · 2 comments

Comments

@tfenne
Contributor

tfenne commented Dec 15, 2021

The recent log4j exploit has led me to check various projects and realize that many Java/JVM-based projects include log4j solely due to having GKL as a dependency. I would argue that it is not good practice to have library code like the GKL bind directly to a logging framework like log4j, but instead to have it use commons-logging or something similar that allows tools and applications that use the library to redirect logging information into the logging toolkit of their choice.

@Kmannth
Contributor

Kmannth commented Dec 16, 2021

Intel is continuing to evaluate the impact of the Apache Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046) on our product portfolio. Please see INTEL-SA-00646 for the most up-to-date information. We will continue to update this Security Advisory as new information becomes available.

@mateuszsnowak
Contributor

As of version 0.8.10 GKL uses commons-logging instead of log4j.
