We actually have a call out for sponsors and proposals on replacing the
log4j1 library:
http://geoserver.org/behind%20the%20scenes/2022/01/20/log4j-upgrade.html
Please support geoserver!
--
Jody Garnett
On Mon, 24 Jan 2022 at 03:52, Andrea Aime
wrote:
> See
>
See http://geoserver.org/behind%20the%20scenes/2022/01/20/log4j-upgrade.html
If you and your customers are in urgent need for this upgrade, don't
hesitate to sponsor the effort.
Cheers
Andrea
On Mon, Jan 10, 2022 at 5:32 PM Ron Lindhoudt via Geoserver-users <
@lists.sourceforge.net; Mark Prins
Subject: Re: [Geoserver-users] [EXTERN!]: LOG4J Version in GeoServer
Our customers are demanding to support the latest version of log4j in
Geoserver, I mean the latest 2.* without vulnerabilities because log4j 1.* is
EOL.
On the Geoserver website I found this (13-12
Currently there are no plans to change the logging framework. The question
is how much do you and your customers want to make this change happen? Even
estimating the cost of the update is probably several days work, so until
we get funding to start looking there isn't even a plan.
There is a
Our customers are demanding to support the latest version of log4j in
Geoserver, I mean the latest 2.* without vulnerabilities because log4j 1.* is
EOL.On the Geoserver website I found this (13-12-2021):
We are also aware that Log4J 1.2.17 is an “End Of Life” (EOL) project, and are
actively
On 19-12-2021 11:11, Michael Steigemann via Geoserver-users wrote:
Hello!
Thank you very much for providing the geoserver.war:
log4j-1.2.17.norce.jar.
I have integrated into geoserver and ran a OWASP dependency check (
ns without JMSAppender
>> are not impacted by this vulnerability.*
>>
>> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44228
>>
>>
>>
>> Regards
>> Daniel
>>
>>
>>
>> *From:* Michael Steigemann via Geoserver-users [
MSAppender configured. Log4j 1.x configurations without JMSAppender
> are not impacted by this vulnerability.*
>
> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44228
>
>
>
> Regards
> Daniel
>
>
>
> *From:* Michael Steigemann via Geoserver-users [mailto:
>
oserver-users
[mailto:geoserver-users@lists.sourceforge.net]
Sent: Monday, December 13, 2021 7:53 PM
To: GeoServer Mailing List List
Subject: [EXTERN!]: [Geoserver-users] LOG4J Version in GeoServer
Hello!
I think most of you have heard of the LOG4J vulnerability these days:
https://nvd.nist.go
/security.html#CVE-2021-44228
Regards
Daniel
From: Michael Steigemann via Geoserver-users
[mailto:geoserver-users@lists.sourceforge.net]
Sent: Monday, December 13, 2021 7:53 PM
To: GeoServer Mailing List List
Subject: [EXTERN!]: [Geoserver-users] LOG4J Version in GeoServer
Hello!
I think most of you
10 matches
Mail list logo