log4net > Vulnerability > CVE-2021-24112

2022-10-27 Thread miguel.carvajal
Hello,

In our CI pipeline, we detected vulnerability CVE-2021-24112, which affects
the System.Drawing.Common 5.0.0 package, which is a dependency of log4net
2.0.15.

> dotnet list package --vulnerable --include-transitive

   > System.Drawing.Common  5.0.0  Critical  https://github.com/advisories/GHSA-rxg9-xrhp-64gj

Regards.



Re: [log4cxx] Github windows builds

2022-10-27 Thread Robert Middleton
Upon further investigation, it appears as though it was the cache
functionality that broke. Updating from v2 to v3 seems to have fixed
the problem.  It looks like when you updated vcpkg to the latest
version that fixed it for one build, probably because the yml file
changed or something?

Anyway, it's fixed now.  Are there any other configurations that we
should test for while I'm making updates?

-Robert Middleton

On Thu, Oct 27, 2022 at 1:37 AM Stephen Webb wrote:
>
> It works using a more recent version of vcpkg - not sure what the issue
> with the old version is.
>
> On Thu, Oct 27, 2022 at 1:41 PM Robert Middleton wrote:
>
> > I've been adding some more builds for log4cxx(to test more
> > combinations of features and stuff) but I seem to have broken the
> > windows build - cmake can't find APR with the .pc file.  It seems that
> > whatever we had before cached had the .pc files in it, but trying to
> > rebuild clean(no cache) does not have .pc files in it to find the
> > library.
> >
> > I'm thinking that this may have had something to do with the recent
> > changes to how we find APR, but I'm not much of a Windows guy so it
> > could take me a while to figure out what exactly is broken.  I know
> > that Stephen Webb uses vcpkg, would you be able to take a look at it
> > and figure out why it might be failing?
> >
> > The branch in question:
> > https://github.com/apache/logging-log4cxx/tree/LOGCXX-562
> >
> > -Robert Middleton
> >


Re: [log4cxx] Github windows builds

2022-10-27 Thread Stephen Webb
There are 3 (logchar type) x 4 (charset type) x 2 (unichar?) x 2 (wchar_t?) x
2 (prefer_boost?) x 2 (qt_support?) = 192 combinations of build options that
log4cxx provides, of which only one is being tested.

What should we do with those?


On Fri, Oct 28, 2022 at 12:23 PM Robert Middleton wrote:

> Upon further investigation, it appears as though it was the cache
> functionality that broke. Updating from v2 to v3 seems to have fixed
> the problem.  It looks like when you updated vcpkg to the latest
> version that fixed it for one build, probably because the yml file
> changed or something?
>
> Anyway, it's fixed now.  Are there any other configurations that we
> should test for while I'm making updates?
>
> -Robert Middleton
>
> On Thu, Oct 27, 2022 at 1:37 AM Stephen Webb wrote:
> >
> > It works using a more recent version of vcpkg - not sure what the issue
> > with the old version is.
> >
> > On Thu, Oct 27, 2022 at 1:41 PM Robert Middleton wrote:
> >
> > > I've been adding some more builds for log4cxx(to test more
> > > combinations of features and stuff) but I seem to have broken the
> > > windows build - cmake can't find APR with the .pc file.  It seems that
> > > whatever we had before cached had the .pc files in it, but trying to
> > > rebuild clean(no cache) does not have .pc files in it to find the
> > > library.
> > >
> > > I'm thinking that this may have had something to do with the recent
> > > changes to how we find APR, but I'm not much of a Windows guy so it
> > > could take me a while to figure out what exactly is broken.  I know
> > > that Stephen Webb uses vcpkg, would you be able to take a look at it
> > > and figure out why it might be failing?
> > >
> > > The branch in question:
> > > https://github.com/apache/logging-log4cxx/tree/LOGCXX-562
> > >
> > > -Robert Middleton
> > >
>