You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently we use slf4j/slf4j-simple for application logging. But some of our underlying libraries (e.g. aws clients) use commons-logging, and we provide log4j-core as the logging implementation. It does not make sense to use two logging implementations at the same time (slf4j-simple and log4j-core). The correct setup is to have jcl-over-slf4j so that all logging goes to slf4j-simple.
Currently we use slf4j/slf4j-simple for application logging. But some of our underlying libraries (e.g. aws clients) use commons-logging, and we provide log4j-core as the logging implementation. It does not make sense to use two logging implementations at the same time (slf4j-simple and log4j-core). The correct setup is to have
jcl-over-slf4jso that all logging goes toslf4j-simple.This change is made in response to cve-2021-44228. But it is a precautionary change: we have not found any reachable vulnerability in Snowplow apps. You can read more about Snowplow's reponse to CVE-2021-44228 on Discourse
The text was updated successfully, but these errors were encountered: