The recent log4j exploit has led me to check various projects and realize that many Java/JVM-based projects include log4j solely due to having GKL as a dependency. I would argue that it is not good practice to have library code like the GKL bind directly to a logging framework like log4j, but instead to have it use commons-logging or something similar, that allows tools and applications that use the library to redirect logging information into the logging toolkit of their choice.
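Added example, not part of the original issue or of the GKL project's code: a small audit helper that parses `mvn dependency:tree` text and reports which direct dependencies are responsible for log4j-core being on the classpath. The tree below is constructed, its versions are placeholders, and the GKL coordinate `com.intel.gkl:gkl` is an assumption not stated in the issue.

```python
import re

# Constructed `mvn dependency:tree` output; all coordinates and versions are sample values.
SAMPLE_TREE = """\
[INFO] org.example:variant-tool:jar:1.0.0
[INFO] +- com.intel.gkl:gkl:jar:0.0.0-sample:compile
[INFO] |  +- org.apache.logging.log4j:log4j-api:jar:0.0.0-sample:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:0.0.0-sample:compile
[INFO] +- org.slf4j:slf4j-api:jar:0.0.0-sample:compile
[INFO] \\- org.example:report-lib:jar:1.0.0:compile
[INFO]    \\- commons-logging:commons-logging:jar:0.0.0-sample:compile
"""

# Indent units are "|  " or "   "; a node below the root carries a "+- " or "\- " marker.
NODE = re.compile(r"^\[INFO\] ((?:[| ] {2})*)([+\\]- )?([^\s:]+:[^\s:]+)(?::\S+)?$")


def parse_tree(text):
    """Yield (depth, 'group:artifact') for every node line; other Maven output is skipped."""
    for line in text.splitlines():
        m = NODE.match(line.rstrip())
        if m:
            depth = len(m.group(1)) // 3 + (1 if m.group(2) else 0)
            yield depth, m.group(3)


def paths_to(text, target):
    """Return every root-to-target path as a list of 'group:artifact' strings."""
    stack, found = [], []
    for depth, coord in parse_tree(text):
        del stack[depth:]          # drop siblings and deeper nodes from the previous branch
        stack.append(coord)
        if coord == target:
            found.append(list(stack))
    return found


def introducers(text, target):
    """Direct dependencies of the root through which the target is pulled in."""
    return sorted({p[1] for p in paths_to(text, target) if len(p) > 1})


if __name__ == "__main__":
    print(introducers(SAMPLE_TREE, "org.apache.logging.log4j:log4j-core"))
```

A single entry in the result means the logging framework is present only because of that one library, which is the situation the issue describes.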
Intel is continuing to evaluate the impact of the Apache Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046) on our product portfolio. Please see INTEL-SA-00646 for the most up to date information. We will continue to update this Security Advisory as new information becomes available.