[
https://issues.apache.org/jira/browse/SOLR-15877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Smiley resolved SOLR-15877.
---------------------------------
Resolution: Invalid
Please don't use Jira to ask questions. Use the solr-user mailing list or
Slack: https://solr.apache.org/community.html
JUL is provided by the JDK and so whatever vulnerabilities might be there are
addressed by using the latest JDK.
An aside: I think JUL sucks; use Logback or Log4j 2.
> Changing from Log4j to JUL
> --------------------------
>
> Key: SOLR-15877
> URL: https://issues.apache.org/jira/browse/SOLR-15877
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: logging
> Affects Versions: 6.6.3
> Reporter: Iqrar Aminullah
> Priority: Major
> Labels: beginner, security
>
> Hi, I've been trying to change Solr 6.6.3 logging function from using Log4j
> 1.2.17 to JUL by using SLF4J bridge to mitigate the security issues found on
> log4j 1.2.17
> I tried removing the Log4j library and added slf4j-jdk14.jar and
> log4j-over-slf4j-1.7.7.
> I want to know whether this change will create issues on Solr itself and
> whether using JUL on Solr 6.6.3 have a vulnurability issues. Is there any
> disparity table between using JUL and Log4j on Solr?
> Thank you for your advice
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
