Skip to content

Commit f04cf16

Browse files
cekiceki
committed
fix comments, less bragging
Signed-off-by: Ceki Gulcu <[email protected]>
1 parent c69570f commit f04cf16

File tree

2 files changed

+2
-107
lines changed

2 files changed

+2
-107
lines changed

slf4j-site/src/site/pages/css/site.css

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ p.menu {
5050
"left content right";
5151
max-width: 90rem;
5252
margin-left: 1rem;
53-
# margin-right: auto;
53+
/** margin-right: auto; **/
5454

5555
}
5656

@@ -83,7 +83,7 @@ p.menu {
8383
margin: 4px 4px 0px 0px;
8484
padding: 0px;
8585
background-color: #ffffff;
86-
#border: 1px solid #cccccc;
86+
/** #border: 1px solid #cccccc; **/
8787
font-size: 80%;
8888
}
8989

slf4j-site/src/site/pages/log4shell.html

Lines changed: 0 additions & 105 deletions
Original file line numberDiff line numberDiff line change
@@ -235,111 +235,6 @@ <h3 class="doAnchor" name="concreteMeasures">Additional protective
235235
<code>owner</code>. If possible, they should also be monitored
236236
against changes and unauthorized manipulation.</p>
237237

238-
<h3 class="doAnchor" name="prevalence">Prevalence of logging
239-
frameworks</h3>
240-
241-
<p>As discussed above, while log4j 2.14 and earlier are
242-
vulnerable to log4shell, log4j 1.x and logback are not.</p>
243-
244-
<p>At this stage, it might be useful mention the prevalence of
245-
each logging library in order to put things into
246-
perspective. Here are the relevant figures as found
247-
in <a href="https://mvnrepository.com/">mvnrepository site</a>
248-
on 2021-12-17. </p>
249-
250-
<table class="bodyTable striped" cellspacing="4" cellpadding="4">
251-
252-
<tr>
253-
<th>Project</th>
254-
<th>Category</th>
255-
<th>group:artifact</th>
256-
<th>usageCount</th>
257-
<th>percentage</th>
258-
</tr>
259-
<tr>
260-
<td>SLF4J</td>
261-
<td>API</td>
262-
<td>org.slf4j:slf4j-api</td>
263-
<td>52,247</td>
264-
<td>69%</td>
265-
</tr>
266-
<tr>
267-
<td>Commons-logging</td>
268-
<td>API</td>
269-
<td>commons-logging:commons-logging</td>
270-
<td>10,412</td>
271-
<td>14%</td>
272-
</tr>
273-
<tr>
274-
<td>SLF4J</td>
275-
<td>API</td>
276-
<td>org.slf4j:jcl-over-slf4j</td>
277-
<td>7,546</td>
278-
<td>10%</td>
279-
</tr>
280-
281-
<tr>
282-
<td>LOG4J2</td>
283-
<td>API</td>
284-
<td>org.apache.logging.log4j:log4j-api</td>
285-
<td>5,226</td>
286-
<td> 7%</td>
287-
</tr>
288-
289-
<tr>
290-
<td>Total</td>
291-
<td>API </td>
292-
<td>-</td>
293-
<td>75,431 </td>
294-
<td>100%</td>
295-
</tr>
296-
297-
298-
</table>
299-
<table class="bodyTable striped" cellspacing="4" cellpadding="4">
300-
<tr>
301-
<th>Project</th>
302-
<th>Category</th>
303-
<th>group:artifact</th>
304-
<th>usageCount</th>
305-
<th>percentage</th>
306-
</tr>
307-
308-
<tr>
309-
<td>LOGBACK</td>
310-
<td>implementation</td>
311-
<td>ch.qos.logback:logback-classic</td>
312-
<td>21,770</td>
313-
<td>48%</td>
314-
</tr>
315-
316-
<tr>
317-
<td>LOG4J1</td>
318-
<td>implementation</td>
319-
<td>log4j:log4j</td>
320-
<td>16,610</td>
321-
<td>37%</td>
322-
</tr>
323-
<tr>
324-
<td>LOG4J2</td>
325-
<td>implementation</td>
326-
<td>org.apache.logging.log4j:log4j-core</td>
327-
<td>6,974</td>
328-
<td>15%</td>
329-
</tr>
330-
331-
<tr>
332-
<td>Total</td>
333-
<td>implementaion </td>
334-
<td>-</td>
335-
<td>45,174 </td>
336-
<td>100%</td>
337-
</tr>
338-
</table>
339-
340-
<p>Notwithstanding its 48% prevalence overall (implementation),
341-
no attacks have been reported against logback that we are aware
342-
of.</p>
343238

344239
<h3>Further reading</h3>
345240

0 commit comments

Comments
 (0)