[
https://issues.apache.org/jira/browse/WHISKER-18?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17979890#comment-17979890
]
ASF subversion and git services commented on WHISKER-18:
--------------------------------------------------------
Commit a5fa569a013c515817334ef0dcca21cc74edd6ff in creadur-whisker's branch
refs/heads/master from P. Ottlinger
[ https://gitbox.apache.org/repos/asf?p=creadur-whisker.git;h=a5fa569 ]
Merge pull request #240 from
apache/dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.0
WHISKER-18: Bump org.apache.logging.log4j:log4j-bom from 2.24.3 to 2.25.0
> Upgrade to log4j2
> -----------------
>
> Key: WHISKER-18
> URL: https://issues.apache.org/jira/browse/WHISKER-18
> Project: Apache Whisker
> Issue Type: Improvement
> Reporter: Philipp Ottlinger
> Assignee: Philipp Ottlinger
> Priority: Major
> Fix For: 0.2
>
>
> In order to provide a fix against
> [https://app.snyk.io/vuln/SNYK-JAVA-LOG4J-572732]
> upgrade to SLF4J/Log4j2.
> * Cleanup of pom.xml and GHA build scripts on the way (build is more similar
> to Creadur RAT):
> ** use temurin JDK
> ** use v4 of setup-java GHA
> ** manage module dependencies in root pom
> ** use TLS links, removed comments
> During the development interesting problems were revealed on certain windows
> versions:
> during invoker-runs an old SNAPSHOT was taken into account that pulled in old
> API SNAPSHOTs during GitHubAction runs!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
