Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • Blama
    started a topic Log4j 1.2 end of life / outdated jars

    Log4j 1.2 end of life / outdated jars

    Hi Isomorphic,

    as you might have noticed from the last posts and change of topics, we don't develop much in the last months, but do overdue infrastructure work.
    This included hardware change (separation of DB and Application on new servers) that for some reason triggered this issue and will also include a migration from Oracle -> Postgres.

    Then I looked a bit (not done yet) into this issue.

    Now we wanted to switch logging from "stupid" Tomcat stdout-catalina.out-logging to Greylog, where log4j2 is the default version for its appender. Also log4j 1 is officially EOL since August 2015 and per docs it's not clear if the new version can just be dropped in.

    In all these cases it comes down to this: It would be great if you updated your shipped 3rd party libraries to the current version.
    As I wrote here, it's clear to me that this a big change that can't possibly happen in a 12.0p nightly, but if it were possible for 12.1p, where I don't know how far you are away from the release, this would of course be great.

    Best regards
    Blama

  • Isomorphic
    replied
    We will be updating to log4j2, but not for 12.1.

    You already have the ability to use whatever logging framework you want, and log4j is not the kind of library that suddenly has security issues, so there is little urgency here.

    Leave a comment:

Working...
X