Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Log4j 1.x vulnerability

I think redirecting logging messages to the eclipse log would better be done like SLF4j-osgi [1]

What I really wonder is: Have these project really a hard requirement/demand on using especially Log4J(1/2)?

Why not using SLF4J in all places and let the user choose the implementation with their favorite CVEs?

It could even be a simrel rules that logging is only done through SLF4J we can include the slf4joverX in the platform and SLF4j-osgi as the default implementation so everything goes to the eclipse /osgi log.


Am 26.01.22 um 06:56 schrieb Dietrich, Christian:
we at Xtext have already a issue to track it on our side <>

unfortunately Xtext in the current release has require bundle (if i catched them all they should be gone in 2.26.0.M3) but the bigger problem is this one here <>

i guess also some downsteam components in simrel would have to pick up a new Xtext release. i am not sure how much time i can spent to "pay attention" in feb and what the webmaster team will break so that i am not sure if it is a good idea to add the new Xtext release to simrel

kind regards

Vorstand/Board: Jens Wagener (Vors./chairman), Dr. Stephan Eberle, Abdelghani El-Kacimi, Wolfgang Neuhaus, Franz-Josef Schuermann Aufsichtsrat/Supervisory Board: Michael Neuhaus (Vors./chairman), Harald Goertz, Eric Swehla Sitz der Gesellschaft/Registered Office: Am Brambusch 15-24, 44536 Lünen (Germany)
Registergericht/Registry Court: Amtsgericht Dortmund | HRB 20621

cross-project-issues-dev mailing list
To unsubscribe from this list, visit

Back to the top