rombert commented on PR #62: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/62#issuecomment-3897852383
> > Needless to say, updating the bundle in products that are still on slf4j 1.x will not be possible. > > Yes. Is there a general Sling guideline for this? Quoting https://cwiki.apache.org/confluence/display/SLING/Dependabot > In Sling we have long had a policy of depending on the lowest possible version of the API, to ensure that our bundles are deployed in the widest possible range of environments. In other words - if we don't need to rely in the newer API we should not. That goes for both javax.servlet and org.slf4j IMO. The unversioned commons.logging import is also problematic. We can run into issues if whatever pulls it in actually wants 1.3 API but import an unversioned API which is actually 1.2 . -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
