Skip to content

Fix: logging issue in quick-start application #402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 24, 2020
Merged

Fix: logging issue in quick-start application #402

merged 3 commits into from
Sep 24, 2020

Conversation

@mnoman09
Copy link
Contributor

@mnoman09 mnoman09 commented Sep 23, 2020

Summary

  • Replaced slf4j-log4j12 lib with slf4j-simple due to vulnerability issue in log4j 1.2 version
  • Also this PR will resolve the logging issue in quick-start application

Test plan

FSC and all unit tests should pass.
@mnoman09
Quick-start application logging issue fixed, by replacing log4j-slf4j…
57c2dd5 
…-impl with slf4j-simple this will resolve the vulnerability issue aswell
@mnoman09 mnoman09 requested a review from a team as a code owner September 23, 2020 20:31
Mat001
Mat001 reviewed Sep 23, 2020
View reviewed changes
java-quickstart/build.gradle
compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.12'
compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version: '2.13.3'
compile group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.30'
Copy link

@Mat001 Mat001 Sep 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this is a revert to the line that was there previously. That works, tested it. But I'm not sure if maybe new Apache logger might have different logging properties setup, and this line didn't need to be reverted and instead Apache logger might need a different setup. I'm not sure.
Copy link
Contributor Author

@mnoman09 mnoman09 Sep 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No actually previously it was compile group: 'org.slf4j', name: 'slf4j-log4j12', version: '1.7.30' which was causing vulnerability issue due to transitive property of log4j. I now replaced it with alternative library slf4j-simple.
@mnoman09 mnoman09 closed this Sep 23, 2020
@mnoman09 mnoman09 reopened this Sep 23, 2020
@coveralls
Copy link

coveralls commented Sep 23, 2020
edited
Loading

Pull Request Test Coverage Report for Build 1555

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 89.703%
Totals Coverage Status
Change from base Build 1545: 0.0%
Covered Lines: 4051
Relevant Lines: 4516
💛 - Coveralls
@aliabbasrizvi aliabbasrizvi merged commit 2d88a32 into master Sep 24, 2020
@aliabbasrizvi aliabbasrizvi deleted the mnoman/loggigFix branch September 24, 2020 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

🤖 4 hrs

6 participants

@mnoman09 @coveralls @Mat001 @aliabbasrizvi @optimizely-codereview-bot