I’ve created https://issues.apache.org/jira/browse/LOG4J2-3516 for this.
Ralph
> On May 24, 2022, at 9:41 PM, Ralph Goers wrote:
>
>
>
>> On May 24, 2022, at 2:25 PM, Piotr P. Karwasz
>> wrote:
>>
>> The 'log4j:log4j' dependency is only used in some performance tests, which
>> probably sho
> On May 24, 2022, at 2:25 PM, Piotr P. Karwasz wrote:
>
> The 'log4j:log4j' dependency is only used in some performance tests, which
> probably should move to `log4j-perf`:
> https://github.com/apache/logging-log4j2/pull/890.
> If we also upgrade `h2` the `log4j-api` and `log4j-core` artifact
Hi Volkan,
On Tue, 24 May 2022 at 20:41, Volkan Yazıcı wrote:
> That is a spot on remark with security updates, in particular
> Jackson-related ones, Piotr. Yes, we shouldn't indeed ship 2.18.0 without
> the Jackson updates. I presume you are already taking care of this?
>
Yes, Jackson is updat
That is a spot on remark with security updates, in particular
Jackson-related ones, Piotr. Yes, we shouldn't indeed ship 2.18.0 without
the Jackson updates. I presume you are already taking care of this?
> Removing the `log4j` 1.x dependency from `log4j-core`
What do you exactly mean? `log4j-core
