Add specific version for lombok and improved logging of Java Springboot Example #371

Merged
merged 7 commits into from
Oct 20, 2023


CharlesShuller

No description provided.

@CharlesShuller CharlesShuller changed the title Add specific version for lombok Add specific version for lombok and improved logging of Java Springboot Example Oct 20, 2023

dean-f451 commented Oct 20, 2023

Personally, if I were introducing logging to a Java program, I would have used logback. It has some nice features that didn't exist when I was using it, such as periodically rescanning the configuration file, which means you can change the log level in a running process without having to restart it. Very useful. And the Java developers did a nice job of making it transparent which logging facility you are using (e.g., there's a standard API that they all support) so it's easy to switch between them.

The main reason would be just to avoid log4j on principle. I checked the version that is being used, 2.21.0, and that is supposed to be safe from the 10/10 severity exploit that happened 2 years ago. See the following for explanations of the exploit and which version is safe (2.17.1 and later are safe).

https://builtin.com/cybersecurity/log4j-vulerability-explained

https://www.upguard.com/blog/apache-log4j-vulnerability

@@ -79,4 +100,22 @@ public static Map<String, Object> verifyPresentation(

return vc;
}

private static Map<String, Object> getFirstVc(Object vcs) {
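
Review bot: `getFirstVc(Object vcs)` accepts an untyped `Object`, so the compiler cannot check what callers pass in, and the visible lines carry no doc comment saying which runtime types are supported or what comes back for an empty or unsupported input. Since this helper sits next to `verifyPresentation` and picks the credential that gets returned, consider typed overloads or, if the `Object` parameter stays, an explicit failure (for example an `IllegalArgumentException`) for any type the method does not handle, plus a short Javadoc stating the contract.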


3 separate methods overloaded on the instance types would be preferable here.


@dean-f451 dean-f451 left a comment


Most Java programmers won't like the use of instanceof but it's not going to break anything.

@CharlesShuller CharlesShuller merged commit 08aeafe into main Oct 20, 2023
6 checks passed
@CharlesShuller CharlesShuller deleted the fix/java-springboot-compile branch October 20, 2023 22:37