[ https://issues.apache.org/jira/browse/SOLR-15877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Smiley resolved SOLR-15877. --------------------------------- Resolution: Invalid Please don't use Jira to ask questions. Use the solr-user mailing list or Slack: https://solr.apache.org/community.html JUL is provided by the JDK and so whatever vulnerabilities might be there are addressed by using the latest JDK. An aside: I think JUL sucks; use Logback or Log4j 2. > Changing from Log4j to JUL > -------------------------- > > Key: SOLR-15877 > URL: https://issues.apache.org/jira/browse/SOLR-15877 > Project: Solr > Issue Type: Wish > Security Level: Public(Default Security Level. Issues are Public) > Components: logging > Affects Versions: 6.6.3 > Reporter: Iqrar Aminullah > Priority: Major > Labels: beginner, security > > Hi, I've been trying to change Solr 6.6.3 logging function from using Log4j > 1.2.17 to JUL by using SLF4J bridge to mitigate the security issues found on > log4j 1.2.17 > I tried removing the Log4j library and added slf4j-jdk14.jar and > log4j-over-slf4j-1.7.7. > I want to know whether this change will create issues on Solr itself and > whether using JUL on Solr 6.6.3 have a vulnurability issues. Is there any > disparity table between using JUL and Log4j on Solr? > Thank you for your advice -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org