Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Log4j 1.x vulnerability

Good to hear that you are moving to Import-Package! The fragment in the current configuration can actually not be simply fixed with a drop-in replacement as your version bounds are too strict. With that configuration it won't be ever possible to exchange to a newer bugfix version. I would suggest that you at least change this to [1.2.15,1.3)

I am fighting the Require-Bundle vs Import-Package discussion for years. There are unfortunately a few use cases in the Eclipse Platform that blocks the clean usage because of split package issues. Still I agree to your statement in general, especially with regards to logging dependencies which is because of SLF4J one of the best examples. 
But even with Import-Package the fragment issue (e.g. To provide a bundled logging configuration or custom log writer) would fail. 

Should we have a look at creating a re-bundled reload4j? 

Dietrich, Christian <christian.dietrich@xxxxxxxxx> schrieb am Mi., 26. Jan. 2022, 06:56:
we at Xtext have already a issue to track it on our side

unfortunately Xtext in the current release has require bundle (if i catched them all they should be gone in 2.26.0.M3) but the bigger problem is this one here

i guess also some downsteam components in simrel would have to pick up a new Xtext release.
i am not sure how much time i can spent to "pay attention" in feb and what the webmaster team will break
so that i am not sure if it is a good idea to add the new Xtext release to simrel

kind regards

Vorstand/Board: Jens Wagener (Vors./chairman), Dr. Stephan Eberle, Abdelghani El-Kacimi, Wolfgang Neuhaus, Franz-Josef Schuermann
Aufsichtsrat/Supervisory Board: Michael Neuhaus (Vors./chairman), Harald Goertz, Eric Swehla
Sitz der Gesellschaft/Registered Office: Am Brambusch 15-24, 44536 Lünen (Germany)
Registergericht/Registry Court: Amtsgericht Dortmund | HRB 20621
cross-project-issues-dev mailing list
To unsubscribe from this list, visit

Back to the top