ppkarwasz commented on PR #192: URL: https://github.com/apache/ant/pull/192#issuecomment-1207497790
This would be just a marketing problem: Log4j2 Core's vulnerabilities never affected the Log4j2 API as well as Logback's vulnerabilities never affected SLF4J. In the case of a new CVE against Log4j2 Core, some users will inquire if it affects Ant anyway (as they [did for Log4Shell](https://bz.apache.org/bugzilla/show_bug.cgi?id=65747)). In the panic that followed last December's events probably wondered if their old HP calculator was affected. :-) This listener does **not** depend on Log4j Core. The `setMessageOutputLevel` method uses Log4j Core if it is present, but I can also add support for Logback if needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
