less drama

pom.xml

@@ -217,6 +217,7 @@
         <artifactId>maven-jar-plugin</artifactId>
         <version>${maven-jar-plugin.version}</version>
         <executions>
+          <!--  Repeated in slf4j-api/pom.xml -->
           <execution>
             <id>default-jar</id>
             <phase>package</phase>

slf4j-api/pom.xml

@@ -41,6 +41,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-jar-plugin</artifactId>
+        <version>${maven-jar-plugin.version}</version>
         <executions>
           <execution>
             <id>bundle-test-jar</id>

slf4j-api/src/main/java9/module-info.java

@@ -4,4 +4,5 @@
   exports org.slf4j.event;
   exports org.slf4j.helpers;
   uses org.slf4j.spi.SLF4JServiceProvider;
+requires java.base;
 }

slf4j-site/src/site/pages/bug-reporting.html

@@ -10,10 +10,10 @@
   </head>
   <body>
     <script type="text/javascript">prefix='';</script>
-
     <script type="text/javascript" src="js/jquery-min.js"></script>
 
-    <div id="content">
+
+    <div id="container">
       <script src="templates/header.js" type="text/javascript"></script>
       <div id="left">
         <script src="templates/left.js" type="text/javascript"></script>

slf4j-site/src/site/pages/css/site.css

@@ -38,7 +38,7 @@ a {
 #container {  
   margin-left: auto;
   margin-right: auto;
-  max-width: 100em;
+  max-width: 90em;
 
 }
 

slf4j-site/src/site/pages/log4shell.html

@@ -96,9 +96,9 @@ <h3>Is log4j 1.x vulnerable?</h3>
       configuration file will typically only become effective at
       application restart.</p>
 
-      <p>Nevertheless, while not easy, such an attack is
-      feasible. Thus it makes sense to make job of the attacker harder
-      by removing <code>JMSAppender</code> altogether from
+      <p>Nevertheless, while not easy, such an attack is not
+      impossible. Thus it makes some sense to make job of the attacker
+      even harder by removing <code>JMSAppender</code> altogether from
       <em>log4j-1.2.17.jar</em>.</p>
 
       <p>In the absence of a new log4j 1.x release, you can remove
@@ -144,7 +144,7 @@ <h3>Does a similar vulnerability exist in logback?</h3>
 
       <p>However, logback may make JNDI calls from within its
       configuration file. This was <a
-      href="https://github.com/cn-panda/logbackRceDemo">recently
+      href="https://jira.qos.ch/browse/LOGBACK-1591">recently
       reported</a> as a vulnerability of <span class="big
       green">lesser</span> severity. In response, we have released
       logback version 1.2.8. Please upgrade.
@@ -168,6 +168,9 @@ <h3>Does a similar vulnerability exist in logback?</h3>
       upgrading to logback version 1.2.8, we also recommend users to
       deploy their logback configuration files as read-only.</p>
 
+      <p><span class="green">If you have read thus far, you
+      probably understand that log4Shell/CVE-2021-44228 and
+      LOGBACK-1591 are of different severity levels.</span></p>
 
       <h3 class="doAnchor" name="concreteMeasures">Additional protective
       measure: write protect log4j{1,2}/logback configuration

slf4j-site/src/site/pages/news.html

@@ -13,7 +13,7 @@
     <script type="text/javascript" src="js/prettify.js"></script>
     <script type="text/javascript" src="js/jquery-min.js"></script>
 
-    <div id="content">
+    <div id="container">
 
       <script src="templates/header.js" type="text/javascript"></script>
       <div id="left">

slf4j-site/src/site/pages/templates/left.js

@@ -5,7 +5,7 @@ document.write('    <a href="download.html">Download</a>');
 document.write('    <a href="docs.html">Documentation</a>');
 document.write('    <a href="license.html">License</a>');
 document.write('    <a href="news.html">News</a>');
-
+document.write('    <a href="log4shell.html">log4shell</a>');
 document.write('  <p class="menu_header">Support</p>');
 
 document.write('    <a href="mailing-lists.html">Mailing Lists</a>');