]> source.dussan.org Git - gitblit.git/commit
projects / gitblit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f124dfc) | patch
dep: Update slf4j to 1.7.36 and switch from log4j1 to reload4j
authorFlorian Zschocke <f.zschocke+git@gmail.com>
Tue, 31 Oct 2023 18:07:35 +0000 (19:07 +0100)
committerFlorian Zschocke <f.zschocke+git@gmail.com>
Tue, 31 Oct 2023 18:07:35 +0000 (19:07 +0100)
commitd2a3322b280c408184cfe8618375b47cef09657a
tree4e1df96befe3845068d18b7c34b3e05e3d0c0b1ctree | snapshot
parentf124dfca7f8ec97b1f28cb5d258d8ee5d1da9b30commit | diff
dep: Update slf4j to 1.7.36 and switch from log4j1 to reload4j

Replace log4j 1.2.17 with reload4j 1.2.25.

log4j 1.x was caught in the fire of the Log4Shell vulnerability, even
though the 1.x line was not affected by the vulnerability. Still, this
looks bad when it shows up in security scanners even though it doesn't
mean it has the Log4Shell vulnerability.
Switch to reload4j instead. This is a drop-in replacement of log4j.
Actually, it is log4j rebooted by the same author. The reload4j 1.x
line fixes security issues that have since surfaced.

At the same time we update to the latest slf4j version, which also
switched to reload4j for the log4j12 line.
.classpath diff | blob | history
build.moxie diff | blob | history
gitblit.iml diff | blob | history
Pure java git solution: https://github.com/gitblit-org/gitblit