From ce15e71dd890061915f36277df2716e626f9ea70 Mon Sep 17 00:00:00 2001
From: Ceki Gulcu <ceki@qos.ch>
Date: Wed, 15 Dec 2021 08:51:26 +0100
Subject: [PATCH] less drama

---
 pom.xml                                      |  1 +
 slf4j-api/pom.xml                            |  1 +
 slf4j-api/src/main/java9/module-info.java    |  1 +
 slf4j-site/src/site/pages/bug-reporting.html |  4 ++--
 slf4j-site/src/site/pages/css/site.css       |  2 +-
 slf4j-site/src/site/pages/log4shell.html     | 11 +++++++----
 slf4j-site/src/site/pages/news.html          |  2 +-
 slf4j-site/src/site/pages/templates/left.js  |  2 +-
 8 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/pom.xml b/pom.xml
index c23dc3371..404065d3c 100755
--- a/pom.xml
+++ b/pom.xml
@@ -217,6 +217,7 @@
         <artifactId>maven-jar-plugin</artifactId>
         <version>${maven-jar-plugin.version}</version>
         <executions>
+          <!--  Repeated in slf4j-api/pom.xml -->
           <execution>
             <id>default-jar</id>
             <phase>package</phase>
diff --git a/slf4j-api/pom.xml b/slf4j-api/pom.xml
index 5a4ffa2a1..47d70a6da 100755
--- a/slf4j-api/pom.xml
+++ b/slf4j-api/pom.xml
@@ -41,6 +41,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-jar-plugin</artifactId>
+        <version>${maven-jar-plugin.version}</version>
         <executions>
           <execution>
             <id>bundle-test-jar</id>
diff --git a/slf4j-api/src/main/java9/module-info.java b/slf4j-api/src/main/java9/module-info.java
index dd7cd8e73..96f08f29e 100755
--- a/slf4j-api/src/main/java9/module-info.java
+++ b/slf4j-api/src/main/java9/module-info.java
@@ -4,4 +4,5 @@
   exports org.slf4j.event;
   exports org.slf4j.helpers;
   uses org.slf4j.spi.SLF4JServiceProvider;
+requires java.base;
 }
diff --git a/slf4j-site/src/site/pages/bug-reporting.html b/slf4j-site/src/site/pages/bug-reporting.html
index 1d68968de..3a5682824 100755
--- a/slf4j-site/src/site/pages/bug-reporting.html
+++ b/slf4j-site/src/site/pages/bug-reporting.html
@@ -10,10 +10,10 @@
   </head>
   <body>
     <script type="text/javascript">prefix='';</script>
-
     <script type="text/javascript" src="js/jquery-min.js"></script>
 
-    <div id="content">
+      
+    <div id="container">
       <script src="templates/header.js" type="text/javascript"></script>
       <div id="left">
         <script src="templates/left.js" type="text/javascript"></script>
diff --git a/slf4j-site/src/site/pages/css/site.css b/slf4j-site/src/site/pages/css/site.css
index 8d4cfc66b..235b8d252 100755
--- a/slf4j-site/src/site/pages/css/site.css
+++ b/slf4j-site/src/site/pages/css/site.css
@@ -38,7 +38,7 @@ a {
 #container {  
   margin-left: auto;
   margin-right: auto;
-  max-width: 100em;
+  max-width: 90em;
 
 }
 
diff --git a/slf4j-site/src/site/pages/log4shell.html b/slf4j-site/src/site/pages/log4shell.html
index 08473375e..fdd9d63f8 100644
--- a/slf4j-site/src/site/pages/log4shell.html
+++ b/slf4j-site/src/site/pages/log4shell.html
@@ -96,9 +96,9 @@ <h3>Is log4j 1.x vulnerable?</h3>
       configuration file will typically only become effective at
       application restart.</p>
 
-      <p>Nevertheless, while not easy, such an attack is
-      feasible. Thus it makes sense to make job of the attacker harder
-      by removing <code>JMSAppender</code> altogether from
+      <p>Nevertheless, while not easy, such an attack is not
+      impossible. Thus it makes some sense to make job of the attacker
+      even harder by removing <code>JMSAppender</code> altogether from
       <em>log4j-1.2.17.jar</em>.</p>
 
       <p>In the absence of a new log4j 1.x release, you can remove
@@ -144,7 +144,7 @@ <h3>Does a similar vulnerability exist in logback?</h3>
 
       <p>However, logback may make JNDI calls from within its
       configuration file. This was <a
-      href="https://github.com/cn-panda/logbackRceDemo">recently
+      href="https://jira.qos.ch/browse/LOGBACK-1591">recently
       reported</a> as a vulnerability of <span class="big
       green">lesser</span> severity. In response, we have released
       logback version 1.2.8. Please upgrade.
@@ -168,6 +168,9 @@ <h3>Does a similar vulnerability exist in logback?</h3>
       upgrading to logback version 1.2.8, we also recommend users to
       deploy their logback configuration files as read-only.</p>
 
+      <p><span class="green">If you have read thus far, you
+      probably understand that log4Shell/CVE-2021-44228 and
+      LOGBACK-1591 are of different severity levels.</span></p>
 
       <h3 class="doAnchor" name="concreteMeasures">Additional protective
       measure: write protect log4j{1,2}/logback configuration
diff --git a/slf4j-site/src/site/pages/news.html b/slf4j-site/src/site/pages/news.html
index 210ae8d62..1f790a3d2 100755
--- a/slf4j-site/src/site/pages/news.html
+++ b/slf4j-site/src/site/pages/news.html
@@ -13,7 +13,7 @@
     <script type="text/javascript" src="js/prettify.js"></script>
     <script type="text/javascript" src="js/jquery-min.js"></script>
 
-    <div id="content">
+    <div id="container">
 
       <script src="templates/header.js" type="text/javascript"></script>
       <div id="left">
diff --git a/slf4j-site/src/site/pages/templates/left.js b/slf4j-site/src/site/pages/templates/left.js
index d90da2648..81df72293 100755
--- a/slf4j-site/src/site/pages/templates/left.js
+++ b/slf4j-site/src/site/pages/templates/left.js
@@ -5,7 +5,7 @@ document.write('    <a href="download.html">Download</a>');
 document.write('    <a href="docs.html">Documentation</a>');
 document.write('    <a href="license.html">License</a>');
 document.write('    <a href="news.html">News</a>');
-
+document.write('    <a href="log4shell.html">log4shell</a>');
 document.write('  <p class="menu_header">Support</p>');
 
 document.write('    <a href="mailing-lists.html">Mailing Lists</a>');