Hi Rainer, if log4j 1.x is not vulnerable it’s fine for me
Sent from my iPad

> On 13.01.2022 at 16:37, Rainer Döbele <[email protected]> wrote:
>
> Hi Jan,
>
> the log4j version is 1.7.26 which is from Feb, 2019.
>
> For obvious reasons I would not recommend going on the 2.x branch.
> Besides it's not that easy as we'd have to find a replacement for the
> org.apache.log4j.xml.DOMConfigurator.
>
> I think the 1.x branch is fine, but I will update the dependency to the
> latest 1.7.32.
>
> Is that OK for you?
>
> Regards
> Rainer
>
>
> -----Original Message-----
> From: Jan Glaubitz <[email protected]>
> Sent: Thursday, 13 January 2022 15:51
> To: [email protected]
> Cc: [email protected]
> Subject: Re: Release time!
>
> Hi Rainer
>
> at least the jsf2 example uses a very old version of log4j. Maybe that should
> be updated?
>
> Sent from my iPad
>
>> On 13.01.2022 at 15:47, Rainer Döbele <[email protected]> wrote:
>>
>> Dear empire-db community,
>>
>> I hope you have all had a merry Christmas and a happy new year's eve and I
>> want to wish you all a wonderful year 2022.
>>
>> It's been a while since our last release and we have resolved quite a few
>> issues and added some new features.
>> So I think it is time for a new release as we have already announced in our
>> previous board reports.
>>
>> Does anyone have any objections or suggestions for this release?
>> If so, please reply within the next 3 days.
>>
>> Meanwhile I will review the Jira issues and start preparing the release 2.5.1
>>
>> Best regards,
>> Rainer
>> chair
>>
