Re: [cross-project-issues-dev] Log4j 1.x vulnerability

Re: [cross-project-issues-dev] Log4j 1.x vulnerability

we at Xtext have already a issue to track it on our side

unfortunately Xtext in the current release has require bundle (if i catched them all they should be gone in 2.26.0.M3) but the bigger problem is this one here https://github.com/eclipse/xtext-eclipse/blob/ffa3cf77753ebc29687768731a5d45416d2b50f1/org.eclipse.xtext.logging/META-INF/MANIFEST.MF#L5

i guess also some downsteam components in simrel would have to pick up a new Xtext release.

i am not sure how much time i can spent to "pay attention" in feb and what the webmaster team will break

so that i am not sure if it is a good idea to add the new Xtext release to simrel

kind regards

Christian

Vorstand/Board: Jens Wagener (Vors./chairman), Dr. Stephan Eberle, Abdelghani El-Kacimi, Wolfgang Neuhaus, Franz-Josef Schuermann

Aufsichtsrat/Supervisory Board: Michael Neuhaus (Vors./chairman), Harald Goertz, Eric Swehla

Sitz der Gesellschaft/Registered Office: Am Brambusch 15-24, 44536 Lünen (Germany)

Registergericht/Registry Court: Amtsgericht Dortmund | HRB 20621

Follow-Ups:
- Re: [cross-project-issues-dev] Log4j 1.x vulnerability
  - From: Christoph Läubrich
- Re: [cross-project-issues-dev] Log4j 1.x vulnerability
  - From: Dirk Fauth

References:
- [cross-project-issues-dev] Log4j 1.x vulnerability
  - From: Dirk Fauth
- Re: [cross-project-issues-dev] Log4j 1.x vulnerability
  - From: Ed Merks