[ 
https://issues.apache.org/jira/browse/HELIX-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13799720#comment-13799720
 ] 

Kanak Biscuitwala commented on HELIX-257:
-----------------------------------------

Can't apply this patch because of all the log messages output by the restlet 
library. See TestAlertFireHistory for an example. Restlet seems to use 
java.util.logging while Helix uses log4j, and these are not very compatible.

There are a few possibilities, though others can certainly chime in if there 
are any that I missed:

1) Insert the following into ZkPropertyTransferServer (or another class; I'm 
not super familiar with this code):
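  static {
    // Restlet logs through java.util.logging, so this must be the JUL Level,
    // not org.apache.log4j.Level.
    org.restlet.engine.Engine.setLogLevel(java.util.logging.Level.SEVERE);
  }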

2) Use an slf4j bridge to redirect these logging messages, at which point they 
can be disabled in the normal way.

> Upgrade Restlet to 2.1.4 - due security flaw
> --------------------------------------------
>
>                 Key: HELIX-257
>                 URL: https://issues.apache.org/jira/browse/HELIX-257
>             Project: Apache Helix
>          Issue Type: Bug
>          Components: helix-core
>    Affects Versions: 0.6.0-incubating, 0.6.1-incubating, 0.6.2-incubating
>            Reporter: Alexadre Porcelli
>            Priority: Critical
>         Attachments: 
> 0001-HELIX-257-Upgraded-restlet-from-1.1.10-to-2.1.4.patch
>
>
> The current version of Restlet used by Helix has at least 2 known security 
> flaws, CVE-2013-4221 and CVE-2013-4271.
> Those issues are addressed in Restlet 2.1.4.


