Re: CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

2023-04-21 Thread Ceki Gülcü
re > recommended to update to Log4j 2.x. >> >> NOTE: This vulnerability only affects products that are no longer > supported by the maintainer. >> >> Credit: >> >> Garrett Tucker of Red Hat (reporter) >> >> References: >> >> https://lo

Re: Log4j 1.x replacement

2022-01-27 Thread Ceki Gülcü
; events. Log4j 2 doesn’t suffer from any of those issues. > > Instead of continuing to be a gnat and arguing against Log4j2 you could start > being part > of the solution and work to improve the bridge. > > This thread is not about discussing why reload4j is better than >

Re: [logging-log4j1] branch v1.2.8 created (now 0cde9dd)

2022-01-06 Thread Ceki Gülcü
"re4j" as log4j 1.x, the door is open. -- Ceki Gülcü — Matt Sicker On Jan 6, 2022, at 18:18, Ceki Gülcü wrote:  Hello all, Given the recent refusal to even consider work on a 1.2.18 branch, which would have been subject to PMC vote before release anyway, I have created a separat

Re: [logging-log4j1] branch v1.2.8 created (now 0cde9dd)

2022-01-06 Thread Ceki Gülcü
log4j 1.x. If one day the logging PMC changes its mind and decides to integrate "relog4j1" as log4j 1.x, the door is open. Those interested to contribute, please contact me directly. Good luck and thanks for the fish. -- Ceki Gülcü On 07/01/2022 00:25, Ceki Gülcü wrote: On 07/

Re: [logging-log4j1] branch v1.2.8 created (now 0cde9dd)

2022-01-06 Thread Ceki Gülcü
On 07/01/2022 00:05, Ralph Goers wrote: Unless you can convince Gary to rescind his veto there is no choice but to revert. Reverted in github. -- Ceki Gülcü

Re: [LOG4J 1] standardizing the Maven build

2022-01-06 Thread Ceki Gülcü
Hi Leo, Don't you think standardizing to usual Maven folder structure would save everyone a log of time down the line? --Ceki On 06/01/2022 20:07, Leo Simons wrote: Hey Ceki, Builds and tests were already fixed up, see the most recent outstanding PRs. Might be faster to cherry-pick rather

[LOG4J 1] standardizing the Maven build

2022-01-06 Thread Ceki Gülcü
.git -- Ceki Gülcü Please contact suppport(at)qos.ch for donations, sponsorship or support contracts related to SLF4J or logback projects.

Re: [ANNOUNCE] Log4j 1 End-of-Life Statement

2022-01-06 Thread Ceki Gülcü
On 06/01/2022 15:17, Ralph Goers wrote: Our repos aren’t open to any ASF committer, only Logging Services committers. We have very few committers who are also not PMC members. So you would likely be the only person with commit rights who might be interested in doing the work required to do

Re: [ANNOUNCE] Log4j 1 End-of-Life Statement

2022-01-06 Thread Ceki Gülcü
ial contributors, review and apply the patches. You could also craft the 1.2.18 release and put it up for a vote. I don't understand. The PMC just voted to disallow 1.2.18 release for other ASF committers. Have you not? -- Ceki Gülcü

Re: [ANNOUNCE] Log4j 1 End-of-Life Statement

2022-01-06 Thread Ceki Gülcü
fix the critical issues in log4j 1.x. The effort involved is reasonable and is likely to help a lot of people. Best regards and a happy new year. -- Ceki Gülcü Please contact suppport(at)qos.ch for donations, sponsorship or support contracts related to SLF4J or logback projects. On 06/01