| アイテムタイプ |
会議発表論文 / Conference Paper(1) |
| 公開日 |
2025-09-30 |
| 日付 |
|
|
日付 |
2027-06-13 |
|
日付タイプ |
Available |
| タイトル |
|
|
タイトル |
Do Developers Depend on Deprecated Library Versions? A Mining Study of Log4j |
| 言語 |
|
|
言語 |
eng |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
Log4j |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
Security Vulnerabilities |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
Library Migration |
| 資源タイプ |
|
|
資源タイプ |
conference paper |
| アクセス権 |
|
|
アクセス権 |
embargoed access |
| 著者 |
Yoshioka, Haruhiko
Lertbanjongngam, Sila
Inaba, Masayuki
Fan, Youmei
Nakano, Takashi
嶋利, 一真
Kula, Raula Gaikovina
松本, 健一
|
| 抄録 |
|
|
内容記述タイプ |
Abstract |
|
内容記述 |
Log4j has become a widely adopted logging library for Java programs due to its long history and high reliability. Its widespread use is notable not only because of its maturity but also due to the complexity and depth of its features, which have made it an essential tool for many developers. However, Log4j 1.x, which reached its end of support (deprecated), poses significant security risks and has numerous deprecated features that can be exploited by attackers. Despite this, some clients may still rely on this library. We aim to understand whether clients are still using Log4j 1.x despite its official support ending. We utilized the Mining Software Repositories 2025 challenge dataset, which provides a large and representative sample of open-source software projects. We analyzed over 10,000 log entries from the Mining Software Repositories 2025 challenge dataset using the Goblin framework to identify trends in usage rates for both Log4j 1.x and Log4j-core 2.x. Specifically, our study addressed two key issues: (1) We examined the usage rates and trends for these two libraries, highlighting any notable differences or patterns in their adoption. (2) We demonstrate that projects initiated after a deprecated library has reached the end of its support lifecycle can still maintain significant popularity. These findings highlight how deprecated are still popular, with the next step being to understand the reasoning behind these adoptions. |
| 書誌情報 |
en : Proceedings - 2025 IEEE/ACM 22nd International Conference on Mining Software Repositories
ページ数 5,
発行日 2025-06-13
|
| 会議情報 |
|
|
|
会議名 |
22nd International Conference on Mining Software Repositories |
|
|
開始年 |
2025 |
|
|
開始月 |
04 |
|
|
開始日 |
28 |
|
|
終了年 |
2025 |
|
|
終了月 |
04 |
|
|
終了日 |
29 |
|
|
開催期間 |
2025-04-28 - 2025-04-29 |
|
|
開催地 |
Ottawa, ON, Canada |
|
開催国 |
CAN |
| 出版者 |
|
|
出版者 |
IEEE |
| ISSN |
|
|
収録物識別子タイプ |
EISSN |
|
収録物識別子 |
2574-3864 |
| 出版者版DOI |
|
|
関連タイプ |
isVersionOf |
|
|
識別子タイプ |
DOI |
|
|
関連識別子 |
https://doi.org/10.1109/MSR66628.2025.00057 |
| 出版者版URI |
|
|
関連タイプ |
isVersionOf |
|
|
識別子タイプ |
URI |
|
|
関連識別子 |
https://ieeexplore.ieee.org/document/11025729 |
| 権利 |
|
|
権利情報 |
© 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. 出版社許諾条件により、本文は2027年6月13日以降に公開 |
| 著者版フラグ |
|
|
出版タイプ |
AM |
| 助成情報 |
|
|
|
助成機関名 |
Japan Society for the Promotion of Science (JSPS) |
|
|
研究課題番号 |
JP20H05706 |
|
|
研究課題番号URI |
https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-20H05706/ |
|
|
研究課題名 |
次世代ソフトウェアエコシステムのための基盤・展開技術 |
| 助成情報 |
|
|
|
助成機関名 |
Japan Society for the Promotion of Science (JSPS) |
|
|
研究課題番号 |
JP23K28065 |
|
|
研究課題番号URI |
https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-23K28065/ |
|
|
研究課題名 |
SPDXを活用したソフトウェアエコシステム分析基盤の開発 |
| 助成情報 |
|
|
|
助成機関名 |
Japan Society for the Promotion of Science (JSPS) |
|
|
研究課題番号 |
JP23K16862 |
|
|
研究課題番号URI |
https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-23K16862/ |
|
|
研究課題名 |
ロギング設定の出力に関する分析とプロジェクトの特性に応じた最適化支援 |
| 助成情報 |
|
|
|
助成機関名 |
Japan Society for the Promotion of Science (JSPS) |
|
|
研究課題番号 |
JP24K14895 |
|
|
研究課題番号URI |
https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-24K14895/ |
|
|
研究課題名 |
ライブラリの後方非互換性のドキュメント化に向けた解析基盤の構築 |
| 助成情報 |
|
|
|
助成機関名 |
Japan Science and Technology Agency (JST) |
|
|
研究課題番号 |
JPMJBS2423 |
|
|
研究課題名 |
JST BOOST |
fulltext (481.3 KB)
