Re: [log4j] What is JPMS support and its state

Hi Volkan, On Mon, 6 Nov 2023 at 22:02, Volkan Yazıcı wrote: > OTOH, JPMS support in the `main` branch was first established by > hand-written `module-info.java` files and then later on reimplemented (work > in progress!) by Piotr via porting stuff from `2.x`. Nobody has tested it > yet, AFAIK. `

Re: [log4j] What is JPMS support and its state

On Tue, Nov 7, 2023 at 5:04 AM Ralph Goers wrote: > You know, I almost didn’t want to answer this email because after reading > the text it was quite obvious to me that the question you are really trying > to ask is: > “What more needs to be done to kill off 3.x?” That being said I will > still

Re: [log4j] What is JPMS support and its state

I need to do a correction to the following statement of mine: > `3.x` has a better modularization and plugin system, both > of which can be ported to `2.x` without breaking backward > compatibility. In his recent post Piotr is right: for backporting modularization, packages need to change too and

Re: [log4j] What is JPMS support and its state

Hi Ralph, On Tue, 7 Nov 2023 at 05:05, Ralph Goers wrote: > Next, there is a good chance that users really using JPMS won’t be able to > access any plugins outside of log4j-core. See > https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ClassLoader.html#getResource(java.lang.

Re: [log4j] What is JPMS support and its state

I’m not going to backport the DI system. It relies on Java 11 in all sorts of random places, first of all. I had to update numerous plugins and tests along the way, especially things that set up or manipulate static state, much of which has been cleaned up in main. It’s hard to describe all the

Re: Deterministic formatter

In the worst case scenario, we can still format from maven before committing (which is what I used to do before finding that there were IntelliJ plugins for this). In fact, I have to do that all the time lately anyways by running `mvn spotless:apply`. > On Nov 6, 2023, at 9:00 AM, Carter Kozak

Re: [log4j] Security page refactoring

Not that it’s relevant to adopt right away, but do note that there is a CVSS 4.0 now (that was finished quite recently) which is supposed to produce more useful severity scores. > On Nov 6, 2023, at 2:17 PM, Volkan Yazıcı wrote: > > I have created #1948

Re: [log4j] Security page refactoring

Also note that I’m at KubeCon right now, so I won’t have a chance to review this PR until, well, sometime during the conference. Possibly today, but likely within the next day or two. > On Nov 6, 2023, at 2:17 PM, Volkan Yazıcı wrote: > > I have created #1948

Re: [log4j] Security page refactoring

Actually, I was able to review this just now during the lunch break. > On Nov 7, 2023, at 1:24 PM, Matt Sicker wrote: > > Also note that I’m at KubeCon right now, so I won’t have a chance to review > this PR until, well, sometime during the conference. Possibly today, but > likely within the n