Closed Jeff-Walker closed 1 year ago
@Jeff-Walker - Thanks for making us aware of this and volunteering to do a PR. Could I ask you to please assign this ticket to yourself so that we know it's being worked on?
Lastly, FWIW, I am going to be submitting a PR in the next couple of days that updates ESAPI to use AntiSamy 1.7.1. And since that new AntiSamy version uses slf4j:slf4j-api:2.0.0
, I will be updating our pom to use that as well. That probably won't make a difference, but if you start testing your PR before my soon-to-be-submitted PR is merged, you might want to make sure it works with slf4j:slf4j-api:2.0.0
.
Here's the PR https://github.com/ESAPI/esapi-java-legacy/pull/741
Just let me know if I need to review this for the upgrade.
Looks like I don't have permission to assign myself.
Strange. I can't assign you either. NBD though since you have already submitted the PR. I'll look at it tonight.
On Thu, Sep 8, 2022, 12:04 PM Jeff Walker @.***> wrote:
Looks like I don't have permission to assign myself.
— Reply to this email directly, view it on GitHub https://github.com/ESAPI/esapi-java-legacy/issues/740#issuecomment-1240919483, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAO6PG6KQVLX7GYRMLVYJ2TV5IE67ANCNFSM6AAAAAAQH2A56Y . You are receiving this because you commented.Message ID: @.***>
All of the older log bridges allowed a
null
be passed as the first parameter of the log call. Because of this, we have tons of legacy code that pass anull
when they really should have passedLogger.EVENT_UNSPECIFIED
. The original log4j bridge allowed it and the newer JUL bridge does.I will submit a PR for the log bridge to do a
null
check and choose a sane value based on the log level.I have a custom log bridge and factory, but I had to cut and paste a lot of code from the official SLF4J code that I'd really rather have this in the code base if possible.