Already filed HBASE-26691. Wei-Chiu Chuang <weic...@apache.org> 于2022年1月21日周五 16:53写道:
> +1 I am doing the same in Hadoop. > > On Fri, Jan 21, 2022 at 4:51 PM Viraj Jasani <vjas...@apache.org> wrote: > > > +1 for Reload4J migration in active release branches. > > > > > > On Fri, 21 Jan 2022 at 12:52 PM, Andrew Purtell < > andrew.purt...@gmail.com> > > wrote: > > > > > +1 for migrating to Reload4J. It is binary and configuration compatible > > > with log4j 1 so meets our compatibility guidelines. > > > > > > If this is an agreeable plan I can make the changes in a PR and we can > do > > > a round of new releases. > > > > > > > On Jan 20, 2022, at 10:16 PM, Duo Zhang <zhang...@apache.org> wrote: > > > > > > > > On master we have already migrated to log4j2, but for all other > > release > > > > lines we are still on log4j1. > > > > > > > > Recently there are several new CVEs for log4j1, so I think we should > > also > > > > address them for release lines other than master. > > > > > > > > One possible solution is to also migrate log4j2 but use log4j12 > bridge > > to > > > > maintain the compatibility, but we have already known that log4j12 > > bridge > > > > can not work perfectly with hadoop, as hadoop has some customized > > log4j1 > > > > appender implementations, which inherit some log4j1 appenders which > are > > > not > > > > part of the log4j12 bridge. > > > > > > > > Reload4j is a fork of the log4j1 and has fixed the critical CVEs, so > it > > > is > > > > less hurt to replace log4j with reload4j. > > > > > > > > Suggestions are welcomed. > > > > > > > > Thanks. Regards > > > > > >