doc changes, less drama

Signed-off-by: Ceki Gulcu <ceki@qos.ch>

logback-site/src/site/pages/bugreport.html

@@ -11,14 +11,15 @@
   <body>
     <script type="text/javascript">prefix='';</script>
 
-    <script src="templates/header.js" type="text/javascript"></script>
-    <div id="left">
-      <script src="templates/left.js" type="text/javascript"></script>
-    </div>
-    <div id="right">
-      <script type="text/javascript" src="templates/right.js" ></script>
-    </div>
-x
+    <div id="container">
+      <script src="templates/header.js" type="text/javascript"></script>
+      <div id="left">
+        <script src="templates/left.js" type="text/javascript"></script>
+      </div>
+      <div id="right">
+        <script type="text/javascript" src="templates/right.js" ></script>
+      </div>
+
     <div id="content">
 
 
@@ -90,6 +91,7 @@ <h3>Reporting a bug</h3>
     </ul>
 
     <script src="templates/footer.js" type="text/javascript"></script>
-</div>
+    </div>
+    </div>
 </body>
 </html>

logback-site/src/site/pages/index.html

@@ -29,13 +29,7 @@ <h2>Logback Project</h2>
 
     <p>Logback is intended as a successor to the popular log4j
     project, <a href="reasonsToSwitch.html">picking up where log4j 1.x
-    leaves off</a>. Fortunately, logback is unrelated to log4j 2.x and
-    does not share its vulnerabilities. </p>
-
-    <p class="highlight" >Unless specified otherwise, when we say log4j we mean log4j
-    1.x. We should also like to emphasize that logback is unrelated to
-    log4j 2.x. It does not share code nor vulnerabilities with log4j
-    2.x. </p>
+    leaves off</a>. </p>
 
     <p>Logback's architecture is quite generic so as to apply
     under different circumstances. At present time, logback is divided

logback-site/src/site/pages/license.html

@@ -13,15 +13,17 @@
   <body>
     <script type="text/javascript">prefix='';</script>
 
-    <script src="templates/header.js" type="text/javascript"></script>
-    <div id="left">
-      <script src="templates/left.js" type="text/javascript"></script>
-    </div>
-    <div id="right">
-      <script type="text/javascript" src="templates/right.js" ></script>
-    </div>
 
-    <div id="content">
+    <div id="container">
+      <script src="templates/header.js" type="text/javascript"></script>
+      <div id="left">
+        <script src="templates/left.js" type="text/javascript"></script>
+      </div>
+      <div id="right">
+        <script type="text/javascript" src="templates/right.js" ></script>
+      </div>
+
+      <div id="content">
 
     <div class="section">
       <h2>Logback License</h2>
@@ -80,6 +82,7 @@ <h2>Logback License</h2>
     are granted on a case by case basis.</p>
 
 <script src="templates/footer.js" type="text/javascript"></script>
-</div>
+      </div>
+      </div>
 </body>
 </html>

logback-site/src/site/pages/mailinglist.html

@@ -13,14 +13,18 @@
   <body>
     <script  type="text/javascript">prefix='';</script>
 
-    <script src="templates/header.js"  type="text/javascript"></script>
-    <div id="left">
-      <noscript>Please turn on Javascript to view this menu</noscript>
-      <script src="templates/left.js"  type="text/javascript"></script>
-    </div>
-    <div id="right">
-      <script type="text/javascript" src="templates/right.js" ></script>
-    </div>
+    <div id="container">
+
+      <script src="templates/header.js"  type="text/javascript"></script>
+
+
+      <div id="left">
+        <noscript>Please turn on Javascript to view this menu</noscript>
+        <script src="templates/left.js"  type="text/javascript"></script>
+      </div>
+      <div id="right">
+        <script type="text/javascript" src="templates/right.js" ></script>
+      </div>
 
     <div id="content">
 
@@ -151,6 +155,7 @@ <h3>Respect the mailing list type</h3>
 
 
   <script src="templates/footer.js" type="text/javascript"></script>
-</div>
+    </div>
+    </div>
 </body>
 </html>

logback-site/src/site/pages/news.html

@@ -14,6 +14,8 @@
   <body onload="prettyPrint()">
     <script type="text/javascript">prefix='';</script>
     <script type="text/javascript" src="js/prettify.js"></script>
+
+    <div id="container">
     <script src="templates/header.js" type="text/javascript"></script>
     <div id="left">
       <noscript>Please turn on Javascript to view this menu</noscript>
@@ -67,6 +69,46 @@ <h3>, 2021, Release of version 1.3.0-alpha11</h3>
 
     <hr width="80%" align="center" />
 
+    <h3>14th of December, 2021, Release of version 1.2.8</h3>
+
+    <p class="highlight">We note that the vulnerability mentioned in
+    LOGBACK-1591 requires write access to logback's configuration file
+    as a prerequisite. <span class="green"><b>Please understand  that log4Shell/CVE-2021-44228
+    and LOGBACK-1591 are of utterly different severity levels.</b></span></p>
+
+
+    <p>&bull; In response to <a
+    href="https://jira.qos.ch/browse/LOGBACK-1591">LOGBACK-1591</a>,
+    we have disabled all JNDI lookup code in logback until further
+    notice. This impacts <a
+    href="manual/loggingSeparation.html#ContextJNDISelector">ContextJNDISelector</a>
+    and &lt;insertFromJNDI&gt; element in configuration files.
+    </p>
+
+    <p>&bull; Also in response to <a
+    href="https://jira.qos.ch/browse/LOGBACK-1591">LOGBACK-1591</a>,
+    we have removed all database (JDBC) related code in the project
+    with no replacement.</p>
+
+    <p>We note that the vulnerability mentioned in LOGBACK-1591
+    requires write access to logback's configuration file as a
+    prerequisite. Please understand that log4Shell/CVE-2021-44228 and
+    LOGBACK-1591 are of utterly different severity levels. A successul
+    RCE requires <em>all</em> of the following to be true:</p>
+
+    <ol>
+      <li>write access to logback.xml</li>      
+      <li>use of versions &lt; 1.2.8</li>
+      <li>reloading of poisoned configuration data, which implies
+      application restart or scan="true" set prior to attack</li>
+    </ol>
+
+    <p>As an additional extra precaution, in addition to upgrading to
+    logback version 1.2.8, we also recommend users to set their
+    logback configuration files as read-only.</p>
+
+    <hr width="80%" align="center" />
+
     <h3>11th of November, 2021, Release of version 1.2.7</h3>
 
     <p>&bull; Added <a
@@ -3625,5 +3667,6 @@ <h3>February 9th, 2006 - Logback web-site goes live</h3>
 
   <script src="templates/footer.js" type="text/javascript"></script>
 </div>
+</div>
 </body>
 </html>

logback-site/src/site/pages/reasonsToSwitch.html

@@ -31,19 +31,17 @@
 
     <h2>Reasons to prefer logback over log4j 1.x</h2>
 
-    <p class="highlight" >Unless specified otherwise, when we say log4j we mean log4j
-    1.x. We should also like to emphasize that logback is unrelated to
-    log4j 2.x. It does not share code nor vulnerabilities with log4j
-    2.x. </p>
+    <p class="highlight" >Unless specified otherwise, when we say
+    log4j we mean log4j 1.x. </p>
 
     <p>Logback brings a large number of improvements over log4j 1.x,
     big and small. They are too many to enumerate exhaustively.
     Nevertheless, here is a non-exhaustive list of reasons for
     switching to logback from log4j 1.x. Keep in mind that logback is
     conceptually very similar to log4j 1.x as both projects were
     founded by the same developer. If you are already familiar with
-    log4j 1.x, you will quickly feel at home using logback. If you
-    like log4j 1.x, you will probably love logback.</p>
+      log4j 1.x, you will quickly feel at home using logback.
+    </p>
 
 
     <h3 class="doAnchor" name="fasterImpl">Faster implementation</h3>

logback-site/src/site/pages/templates/footer.js

@@ -7,7 +7,7 @@ document.write('<td valign="top">Copyright &copy; 2021  <a href="http://www.qos.
 
 document.write('  <td rowspan="2">');
 document.write('    <a href="http://twitter.com/qos_ch">');
-document.write('      <img alt="Follow @qos_ch" src="http://www.slf4j.org/images/follow_us.png" />');
+document.write('      <img alt="Follow @qos_ch" src="https://www.slf4j.org/images/follow_us.png" />');
 document.write('    </a>');
 document.write('  </td>');
 

logback-site/src/site/pages/templates/left.js

@@ -10,15 +10,15 @@ document.write('<p class="menu"><a href="' + prefix + 'news.html">News</a></p>')
 document.write('<p class="menu_header">Support</p>');
 document.write('<p class="menu"><a href="' + prefix + 'mailinglist.html">Mailing Lists</a></p>');
 document.write('<p class="menu"><a href="' + prefix + 'bugreport.html">Bug Report</a></p>');
-document.write('<p class="menu"><a href="http://github.com/qos-ch/logback">Source Repository</a></p>');
+document.write('<p class="menu"><a href="https://github.com/qos-ch/logback">Source Repository</a></p>');
 document.write('<p class="menu"><a href="' + prefix + 'volunteer.html">Call for volunteers</a>');
 document.write('<p class="menu"><a href="http://www.qos.ch/shop/products/professionalSupport">Support offerings</a>');
 
 //document.write('<p class="menu"><a href="http://www.qos.ch/shop/products/training">Training</a>');
 
 document.write('<p class="menu_header">Online Tools</p>');
-document.write('<p class="menu"><a href="http://logback.qos.ch/translator/">log4j.properties Translator</a>');
-document.write('<p class="menu"><a href="http://logback.qos.ch/translator/asGroovy.html">logback.XML to Groovy</a>');
+document.write('<p class="menu"><a href="https://logback.qos.ch/translator/">log4j.properties Translator</a>');
+document.write('<p class="menu"><a href="https://logback.qos.ch/translator/asGroovy.html">logback.XML to Groovy</a>');
 
 document.write('</p>');
 document.write('</div>');
@@ -30,7 +30,7 @@ document.write('<p>&nbsp;</p>');
 
 
 document.write('<div class="pub">');
-document.write('    <a href="http://twitter.com/qos_ch" style="">');
+document.write('    <a href="https://twitter.com/qos_ch" style="">');
 document.write('      <img alt="Follow @qos_ch" src="' + prefix + 'images/follow_us.png" />');
 document.write('    </a>');
 document.write('</div>');