Hi, I suddenly consider one thing.. I remember IoTDB is using logback.. rather than log4j... ----------------------------------- Xiangdong Huang School of Software, Tsinghua University
Jialin Qiao <qiaojia...@apache.org> 于2022年5月25日周三 21:46写道: > Hi, > > +1 for the replacing. The PR is merged. > > Maybe the security issue is so critical that the author wants to get rid of > it by renaming it... > > Thanks, > ————————————————— > Jialin Qiao > Apache IoTDB PMC > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > > > yes, i will raise jira and alter it. > > > > > > > > ---Original--- > > From: "Xiangdong Huang"<saint...@gmail.com> > > Date: Tue, May 24, 2022 21:47 PM > > To: "dev"<dev@iotdb.apache.org>; > > Subject: Re: replacing log4j > > > > > > I see, [1] introduces the reason that reload4j is born. > > As it is just a modification in pom file and the project is forked from > > log4j 1.2.17, I think it is fine. > > > > BTW, I feel very very confusing why log4j community ends the life of > log4j > > 1 > > (and in the same time the initial author of log4j 1 forks an independent > > project...) > > > > [1] https://reload4j.qos.ch/ > > ----------------------------------- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > 黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 17:24写道: > > > > > Because of the large amount of changes, the configuration file and > > import > > > of each class have to change. > > > > > > > > > > > > > > > ---Original--- > > > From: "Xiangdong Huang"<saint...@gmail.com&gt; > > > Date: Tue, May 24, 2022 17:17 PM > > > To: "dev"<dev@iotdb.apache.org&gt;; > > > Subject: Re: replacing log4j > > > > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > > ----------------------------------- > > > Xiangdong Huang > > > School of Software, Tsinghua University > > > > > > &nbsp;黄向东 > > > 清华大学 软件学院 > > > > > > > > > HW-Chao Wang <576749...@qq.com.invalid&gt; 于2022年5月24日周二 > 16:23写道: > > > > > > &gt; hi all , > > > &gt; We need to consider replacing log4j1, because log4j1 is EOM > > and has > > > some > > > &gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > > open > > > source > > > &gt; communities have been replaced. Refer to hbase-26691. > > > &gt; Thanks&amp;nbsp; >