Scott, I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code but in dependencies Chainsaw uses. Users expect dependencies to be updated periodically so that they can build a project that passes all their security scans.
Ralph > On Sep 19, 2023, at 11:26 AM, Scott Deboy <scott.de...@gmail.com> wrote: > > Ralph, > > I already removed the socket appender vulnerability. I believe that was the > only one. > > Scott > > On Tue, Sep 19, 2023, 11:10 AM Ralph Goers <ralph.go...@dslextreme.com> > wrote: > >> Scott, >> >> Apparently Chainsaw has dependencies that have CVEs reported against them >> (or so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK. >> Both of these need to be addressed if the project is going to be considered >> active. Are you willing to help with both of these? >> >> Ralph >> >>> On Sep 19, 2023, at 3:25 AM, Scott Deboy <scott.de...@gmail.com> wrote: >>> >>> Well, it still works well, and real time log analysis and Chainsaw's >>> support for filtering are very powerful for many dev-local use cases. >>> >>> User base I can't speak to, but I agree based on lack of questions it's >>> probably very low to non-existent. >>> >>> I'd prefer we find an option that isn't "nuke it from orbit". >>> >>> Scott >>> >>> >>> >>> On Tue, Sep 19, 2023, 12:00 AM Volkan Yazıcı <vol...@yazi.ci> wrote: >>> >>>> AFAIC, Chainsaw is hardly getting any maintenance. Considering its >> activity >>>> over the years, I haven't witnessed a user base either. I suppose the >> trend >>>> in processing logs (i.e., rendering them into JSON and storing them in >>>> Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from >>>> `PatternLayout`-rendered files collected under `/var/logs`. I would >> like to >>>> retire[1] Chainsaw in a vote thread. Thoughts? >>>> >>>> [1] Retirement translates to archival of the repository and clearing up >> its >>>> mentions in `logging.apache.org`. >>>> >> >>
