zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Václav Haisman (Jira) <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2342) Migrate to Log4J 2.
Date Fri, 28 May 2021 19:10:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17353525#comment-17353525
] 

Václav Haisman commented on ZOOKEEPER-2342:
-------------------------------------------

We are seeing the log4j 1.x vulnerabilities in our scans, too. Is there a way forward with
this migration? What about proceeding with this conversion by doing the necessary breaking
changes in new major release, 4.0.0?

> Migrate to Log4J 2.
> -------------------
>
>                 Key: ZOOKEEPER-2342
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2342
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>            Priority: Major
>             Fix For: 3.8.0
>
>         Attachments: ZOOKEEPER-2342.001.patch
>
>
> ZOOKEEPER-1371 removed our source code dependency on Log4J.  It appears that this also
removed the Log4J SLF4J binding jar from the runtime classpath.  Without any SLF4J binding
jar available on the runtime classpath, it is impossible to write logs.
> This JIRA investigated migration to Log4J 2 as a possible path towards resolving the
bug introduced by ZOOKEEPER-1371.  At this point, we know this is not feasible short-term.
 This JIRA remains open to track long-term migration to Log4J 2.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message