[
https://issues.apache.org/jira/browse/WHISKER-18?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17979888#comment-17979888
]
ASF subversion and git services commented on WHISKER-18:
--------------------------------------------------------
Commit 207cf6bbf97ac8262e53afaa7d7d60f9ef757bf3 in creadur-whisker's branch
refs/heads/master from P. Ottlinger
[ https://gitbox.apache.org/repos/asf?p=creadur-whisker.git;h=207cf6b ]
Merge pull request #239 from apache/dependabot/maven/log4j2.version-2.25.0
WHISKER-18: Bump log4j2.version from 2.24.3 to 2.25.0
> Upgrade to log4j2
> -----------------
>
> Key: WHISKER-18
> URL: https://issues.apache.org/jira/browse/WHISKER-18
> Project: Apache Whisker
> Issue Type: Improvement
> Reporter: Philipp Ottlinger
> Assignee: Philipp Ottlinger
> Priority: Major
> Fix For: 0.2
>
>
> In order to provide a fix against
> [https://app.snyk.io/vuln/SNYK-JAVA-LOG4J-572732]
> upgrade to SLF4J/Log4j2.
> * Cleanup of pom.xml and GHA build scripts on the way (build is more similar
> to Creadur RAT):
> ** use temurin JDK
> ** use v4 of setup-java GHA
> ** manage module dependencies in root pom
> ** use TLS links, removed comments
> During the development interesting problems were revealed on certain windows
> versions:
> during invoker-runs an old SNAPSHOT was taken into account that pulled in old
> API SNAPSHOTs during GitHubAction runs!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
