| Re: [cross-project-issues-dev] Log4j 1.x vulnerability |
What I really wonder is: Have these project really a hard requirement/demand on using especially Log4J(1/2)?
Why not using SLF4J in all places and let the user choose the implementation with their favorite CVEs?
It could even be a simrel rules that logging is only done through SLF4J we can include the slf4joverX in the platform and SLF4j-osgi as the default implementation so everything goes to the eclipse /osgi log.
[1] https://github.com/osgi/slf4j-osgi Am 26.01.22 um 06:56 schrieb Dietrich, Christian:
we at Xtext have already a issue to track it on our sidehttps://github.com/eclipse/xtext/issues/2028 <https://github.com/eclipse/xtext/issues/2028>unfortunately Xtext in the current release has require bundle (if i catched them all they should be gone in 2.26.0.M3) but the bigger problem is this one here https://github.com/eclipse/xtext-eclipse/blob/ffa3cf77753ebc29687768731a5d45416d2b50f1/org.eclipse.xtext.logging/META-INF/MANIFEST.MF#L5 <https://github.com/eclipse/xtext-eclipse/blob/ffa3cf77753ebc29687768731a5d45416d2b50f1/org.eclipse.xtext.logging/META-INF/MANIFEST.MF#L5>i guess also some downsteam components in simrel would have to pick up a new Xtext release. i am not sure how much time i can spent to "pay attention" in feb and what the webmaster team will break so that i am not sure if it is a good idea to add the new Xtext release to simrelkind regards ChristianVorstand/Board: Jens Wagener (Vors./chairman), Dr. Stephan Eberle, Abdelghani El-Kacimi, Wolfgang Neuhaus, Franz-Josef Schuermann Aufsichtsrat/Supervisory Board: Michael Neuhaus (Vors./chairman), Harald Goertz, Eric Swehla Sitz der Gesellschaft/Registered Office: Am Brambusch 15-24, 44536 Lünen (Germany)Registergericht/Registry Court: Amtsgericht Dortmund | HRB 20621 _______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev