Re: replacing log4j

Xiangdong Huang Sun, 29 May 2022 08:09:13 -0700

Hi,  I suddenly consider one thing.. I remember IoTDB is using logback..
rather than log4j...
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University




Jialin Qiao <qiaojia...@apache.org> 于2022年5月25日周三 21:46写道：

> Hi,
>
> +1 for the replacing. The PR is merged.
>
> Maybe the security issue is so critical that the author wants to get rid of
> it by renaming it...
>
> Thanks,
> —————————————————
> Jialin Qiao
> Apache IoTDB PMC
>
>
> HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道：
>
> > yes, i will raise jira and alter it.
> >
> >
> >
> > ---Original---
> > From: "Xiangdong Huang"<saint...@gmail.com&gt;
> > Date: Tue, May 24, 2022 21:47 PM
> > To: "dev"<dev@iotdb.apache.org&gt;;
> > Subject: Re: replacing log4j
> >
> >
> > I see, [1] introduces the reason that reload4j is born.
> > As it is just a modification in pom file and the project is forked from
> > log4j 1.2.17, I think it is fine.
> >
> > BTW, I feel very very confusing why log4j community ends the life of
> log4j
> > 1
> > (and in the same time the initial author of log4j 1 forks an independent
> > project...)
> >
> > [1] https://reload4j.qos.ch/
> > -----------------------------------
> > Xiangdong Huang
> > School of Software, Tsinghua University
> >
> > &nbsp;黄向东
> > 清华大学 软件学院
> >
> >
> > HW-Chao Wang <576749...@qq.com.invalid&gt; 于2022年5月24日周二 17:24写道：
> >
> > &gt; Because of the large amount of changes, the configuration file and
> > import
> > &gt; of each class have to change.
> > &gt;
> > &gt;
> > &gt;
> > &gt;
> > &gt; ---Original---
> > &gt; From: "Xiangdong Huang"<saint...@gmail.com&amp;gt;
> > &gt; Date: Tue, May 24, 2022 17:17 PM
> > &gt; To: "dev"<dev@iotdb.apache.org&amp;gt;;
> > &gt; Subject: Re: replacing log4j
> > &gt;
> > &gt;
> > &gt; Hi, I wonder why not log4j2? any comparison in other communities?
> > &gt; -----------------------------------
> > &gt; Xiangdong Huang
> > &gt; School of Software, Tsinghua University
> > &gt;
> > &gt; &amp;nbsp;黄向东
> > &gt; 清华大学 软件学院
> > &gt;
> > &gt;
> > &gt; HW-Chao Wang <576749...@qq.com.invalid&amp;gt; 于2022年5月24日周二
> 16:23写道：
> > &gt;
> > &gt; &amp;gt; hi all ，
> > &gt; &amp;gt; We need to consider replacing log4j1, because log4j1 is EOM
> > and has
> > &gt; some
> > &gt; &amp;gt; CVE vulnerabilities. Reload 4J is used to replace it. Other
> > open
> > &gt; source
> > &gt; &amp;gt; communities have been replaced. Refer to hbase-26691.
> > &gt; &amp;gt; Thanks&amp;amp;nbsp;
>

Re: replacing log4j

Reply via email to