
    Log4j 1.x migration to log4j2.x latest

    Hi Team,

    We are using smart client v 12.1, which ships log4j1.2.17.jar. That jar is really old and there are some security concerns around it. So we are looking to remove the usage of the log4j1.x jar and migrate to the log4j2.x jar, and need your help to understand the same.

    1. Are there any plans to upgrade log4j1.x to log4j2.x in future smart client releases? If yes, can you please tell us in which release we can expect this change?
    2. Is the log4j1.x shipped by smart client 12.1 tightly coupled? Or is it fine to replace it with log4j 2.x, and will it work seamlessly without causing any regression?

    Thanks in Advance!

    Regards,
    Murali

    #2
    There are no vulnerabilities in log4j 1.0 that apply to SmartClient's usage.

    See the Server Logging overview for how to use log4j 2.0 via slf4j.

    We will likely switch the default logging system next release. However, note that if we had done so earlier, you would be dealing with a zero-day exploit in log4j 2.0. Sometimes it's better to stick with what works.



      #3
      Thanks for the quick response,

      "See the Server Logging overview for how to use log4j 2.0 via slf4j."
      You mean that we can replace log4j1.x and make use of slf4j, and it will not impact anything on the smart client side? Can you please share any documentation there is around it?

      Can you please share the next release timelines and which version of log4j it is planned to upgrade to? And are we completely removing log4j-1.x? Please confirm.

      Thanks,



        #4
        Sorry, we're not sure what you mean - SmartClient logs to whatever framework you configure, and by directing you to the Server Logging overview, we have already provided the documentation - remember the reference is searchable, so, here is the Server Logging overview we referred you to:

        https://www.smartclient.com/smartcli....serverLogging

        For your other question, as we indicated: "We will likely switch the default logging system next release". Again this has no impact on you - you can change which framework you log to right now, if you want, and there is no security issue with either log4j 1.0 or 2.0. But if there is still something you want here, the Feature Sponsorship program allows you to get commitments on changes you want in the product.
