Hi Team,
Hope you are doing well.
While doing security scans, we are finding multiple security vulnerability in log4j-1.2.15.jar which is bundled as part of smart client jars(v12.1).
Also log4j1.x is EOL. please see-> https://logging.apache.org/log4j/1.2/
So I just wanted to check couple of things here:
1. Are there any plans to address the security issues which are in log4j1.x?
2. Are there any plans to upgrade/use log4j2.x in latest smart client? if yes, when and in which release we can expect it
3. As log4j is mainly used for logging, can we use log4j 2.x and remove log4j1.x which is shipped by smart client libraries? wanted to make sure/hear from you whether it will work or break something. w.r.t smart client application and logging prespective
Thanks in Advance!
Regards,
Janardhan
"originally posted by muralik "
Hope you are doing well.
While doing security scans, we are finding multiple security vulnerability in log4j-1.2.15.jar which is bundled as part of smart client jars(v12.1).
Also log4j1.x is EOL. please see-> https://logging.apache.org/log4j/1.2/
So I just wanted to check couple of things here:
1. Are there any plans to address the security issues which are in log4j1.x?
2. Are there any plans to upgrade/use log4j2.x in latest smart client? if yes, when and in which release we can expect it
3. As log4j is mainly used for logging, can we use log4j 2.x and remove log4j1.x which is shipped by smart client libraries? wanted to make sure/hear from you whether it will work or break something. w.r.t smart client application and logging prespective
Thanks in Advance!
Regards,
Janardhan
"originally posted by muralik "
Comment