log4j 2.17.2 - Githubissues

rollbar / rollbar-java

Rollbar for Java and Android

https://docs.rollbar.com/docs/java

MIT License

72 stars 74 forks source link

log4j 2.17.2 #294

Closed sullis closed 4 months ago

sullis commented 2 years ago

Description of the change

upgrade to latest version of Apache Log4j

https://logging.apache.org/log4j/2.x/

https://github.com/apache/logging-log4j2/releases/tag/rel%2F2.17.2

Type of change

[ ] Bug fix (non-breaking change that fixes an issue)
[ ] New feature (non-breaking change that adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
[x] Maintenance
[ ] New release

Related issues

Shortcut stories and GitHub issues (delete irrelevant)

Fix [SC-]
Fix #1

Checklists

Development

[ ] Lint rules pass locally
[ ] The code changed/added as part of this pull request has been covered with tests
[ ] All tests related to the changed code pass in development

Code review

[x] This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached
[ ] "Ready for review" label attached to the PR and reviewers assigned
[ ] Issue from task tracker has a link to this pull request
[ ] Changes have been reviewed by at least one other engineer

diegov commented 1 year ago

Hi @sullis

Unless there's a specific security reason, rollbar-java will add dependencies to the lowest possible version of the 3rd party libraries. As long as those libraries maintain backwards compatibility, this allows our users to pick the version, without rollbar-java forcing them to upgrade.

Is there a specific reason to upgrade log4j2 in this case?