Log4net is now both unmaintained and insecure

red-gate / Tech-Radar

A Tech Radar for Redgate

21 stars 14 forks source link

Log4net is now both unmaintained and insecure #334

Closed samblackburn closed 4 years ago

samblackburn commented 4 years ago

[x] Are you happy for the content of this change to be publicly visible?
[x] Are all new or updated entries marked as isNew = true?
[x] Do radar.csv and radar_libraries render correctly when viewed on Github?
[x] Does the updated tech radar display as you expect?
[x] Does the updated libraries tech radar display as you expect?

TheEadie commented 4 years ago

This looks like a fun one: https://codesearch.red-gate.com/?q=log4net.dll&i=nope&files=&excludeFiles=&repos=.*

A search for just log4net returns too many results for code-search to display them.

We also seem to have a wrapper around it in https://github.com/red-gate/RedGate.Logging which is widely used by both product and core. It feels like we should be killing that too.

fffej commented 4 years ago

I'm happy for this to be merged (and I've added Redgate.Logging to the retire list).

garethbragg commented 4 years ago

I definitely support these changes!

Do we have an adopt logging option somewhere?

Greg-Smulko commented 4 years ago

Do we have an adopt logging option somewhere?

Yes, we have Serilog in adopt.

garethbragg commented 4 years ago

Thanks @Greg-Smulko, I just couldn't see it! Probably should have searched for "log"...

ChrisLambrou commented 4 years ago

Searching for XmlConfigurator in .cs files gives slightly more managable code search results. Not sure we can rely on every use of log4net making use of config files, though.

https://codesearch.red-gate.com/?q=XmlConfigurator&i=nope&files=%5C.cs%24&excludeFiles=&repos=