Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Apache
log4j
version 1.x is unsupported and has several known vulnerabilities. While these vulnerabilities are not exploitable within the context of MaDDash, vulnerability scanning tools, like Nessus, will still issues warnings about its use, creating an additional workload for system administration and security staff.The commit included in this pull request aims to fix this issue by replacing
log4j
withreload4j
. Thereload4j
library is a drop-in replacement forlog4j
version 1.x that is still supported and does not suffer from the vulnerabilities thatlog4j
is known to have. Thereload4j
project has several well-known users and sponsors and is effectively a continuation of thelog4j
project. Please read more about thereload4j
project here: https://reload4j.qos.ch/This change has been tested in a small test setup consisting of several perfSONAR nodes and an archive/MaDDash server. All MaDDash logging functionality appears to be working correctly, and all other functionality appears to be working correctly as well.
Comments, questions, or concerns are welcome! Additionally, please let me know if this pull request should be opened against a different branch.
This fixes #103.