On Thu, Jul 14, 2016 at 8:22 AM, dalibor topic <dalibor.to...@oracle.com> wrote: > > > I'd suggest moving on [1] to a maintained version of that dependency, such > as 2.6.x currently seems to be.
I'm not complaining about the issue: I'm simply trying to put things in perspective, communicate a bit of a reality check as to what is going to happen. *tons* of libraries depend on log4j 1.x, it may even be more widely used than guava. We try to do the right thing and fix the issues we encounter, when testing java 9, and send patches where they should go. But it is hard when the software is unmaintained, or stubborn (e.g. https://github.com/aws/aws-sdk-java/pull/718)
