TRUNK-6057: log4j2.x changes in 2.1.x #3979
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ticket Id
TRUNK-6057
Reference commits :
a78c140
d43ce19
6b0651b
Above commits are suggested by @ibacher in the below talk thread.
https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341/16?u=grace
Description
We currently use log4j 1.x which is not supported anymore. It is EOL as described here https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces
We can either update to its successor log4j 2
https://logging.apache.org/log4j/2.x/