Note that there is also the Logback library, which is a continuation of the 1.x branch of Log4j 1.x.

http://logback.qos.ch/

I am not sure if it is exactly a drop-in replacement but it is probably the most similar thing to a drop-in replacement.

Best regards,
César Martínez

On Mon, 13 Dec 2021 at 19:55, Michael Steigemann via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote:
>
> Hello!
>
> I think most of you have heard of the LOG4J vulnerability these days:
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228
>
> As far as I see GeoServer 2.20.1 still uses Log4J Version 1 log4j-1.2.17.jar
> and luckily is not affected by the problem itself. On the other hand the used
> log4j version 1 is not officially supported since 2015: "...Please note that
> Log4j 1.x has reached end of life and is no longer supported. Vulnerabilities
> reported after August 2015 against Log4j 1.x were not checked and will not be
> fixed. Users should upgrade to Log4j 2 to obtain security fixes...."
> (https://logging.apache.org/log4j/2.x/security.html)
>
> Are there any plans of integrating log4j Version 2 in GeoServer?
>
> Thanks for your short feedback and all the best,
> Michael
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to this
> list:
> - Earning your support instead of buying it, by Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users

--
César Martínez Izquierdo
GIS developer
SCOLAB: http://www.scolab.es