Can we remove Log4J 1.2.x Jar as Log4J 1.2.x is EOL?

microsoft / team-explorer-everywhere

Team Explorer Everywhere Plugin for Eclipse

Other

300 stars 96 forks source link

Can we remove Log4J 1.2.x Jar as Log4J 1.2.x is EOL? #351

Closed abhishekmurarka007 closed 11 months ago

abhishekmurarka007 commented 1 year ago

Hi Team,

Since Log4J 1.2.x is EOL, is it possible to replace the Log4j with latest version or remove it completely? We are getting Security alerts since Log4J 12.x is EOL.

Squire136 commented 1 year ago

Log4 1.2.x is more than EOL, it is riddled with security vulnerabilities. Please rev to log4j-2.19.0 or higher (https://logging.apache.org/log4j/2.x/download.html).

rohan2001 commented 1 year ago

Can some one provide steps to replace jar file for log4j on Linux log4j-1.2.14.jar

UmmerS commented 11 months ago

We are getting Security alerts since Log4J 12.x is EOL. Any alternate solution do suggest I truly appreciate your help.