Hi,

We are using ZooKeeper version 3.5.9
http://archive.apache.org/dist/zookeeper/zookeeper-3.5.9/
and we would like to patch the log4j vulnerabilities.

Can someone please help with this? *Unfortunately we have a dependency on
this particular version and cannot upgrade to a new version as of now.*

I have tried to upgrade log4j-1.2.17.jar to log4j-core-2.17.0.jar and
log4j-api-2.17.0.jar, but faced these errors:

ZooKeeper JMX enabled by default
Using config: /conf/zoo.cfg
Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level

I have also tried to add the reload4j jar:

# Fixing Log4j vulnerabilities
RUN rm /zookeeper-3.5.9/lib/log4j-1.2.17*
RUN rm /zookeeper-3.5.9/lib/slf4j*
RUN wget https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.20.0/log4j-core-2.20.0.jar -P /zookeeper-3.5.9/lib/
RUN wget https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.20.0/log4j-api-2.20.0.jar -P /zookeeper-3.5.9/lib/
RUN wget https://repo1.maven.org/maven2/org/slf4j/slf4j-api/2.0.7/slf4j-api-2.0.7.jar -P /zookeeper-3.5.9/lib/
RUN wget https://repo1.maven.org/maven2/org/slf4j/slf4j-reload4j/2.0.7/slf4j-reload4j-2.0.7.jar -P /zookeeper-3.5.9/lib/

*Error:*

ZooKeeper JMX enabled by default
Using config: /conf/zoo.cfg
SLF4J: A SLF4J service provider failed to instantiate:
org.slf4j.spi.SLF4JServiceProvider: Provider
org.slf4j.reload4j.Reload4jServiceProvider could not be instantiated
SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details

Can someone please help with this??

Thanks,

Priya
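
An added check, not part of the original message and not ZooKeeper's own tooling: both errors quoted above are consistent with an SLF4J backend written against the log4j 1.x API being on the classpath while no jar supplies the org.apache.log4j classes (log4j-core and log4j-api 2.x use the org.apache.logging.log4j package instead). The script scans a lib directory for that mismatch; `diagnose`, `build_lib` and the stand-in jars are constructed for illustration.

```python
import tempfile
import zipfile
from pathlib import Path

LOG4J1_CLASS = "org/apache/log4j/Level.class"  # class named in the first error
# SLF4J backends written against the log4j 1.x API ship one of these adapters.
LOG4J1_ADAPTERS = ("Log4jLoggerAdapter.class", "Reload4jLoggerAdapter.class")


def diagnose(lib_dir):
    """Return findings for the jars in lib_dir ([] = nothing found by these checks)."""
    needs_log4j1, has_log4j1, findings = [], [], []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:  # e.g. an error page saved under a .jar name
            findings.append(f"{jar.name}: not a valid jar")
            continue
        if LOG4J1_CLASS in names:
            has_log4j1.append(jar.name)
        if any(n.startswith("org/slf4j/") and n.endswith(LOG4J1_ADAPTERS) for n in names):
            needs_log4j1.append(jar.name)
    if needs_log4j1 and not has_log4j1:
        findings.append(f"{', '.join(needs_log4j1)} needs {LOG4J1_CLASS}, "
                        "but no jar in the directory provides it")
    return findings


def build_lib(lib_dir, jars):
    """Write constructed stand-in jars from {file name: [entry names]}."""
    for name, entries in jars.items():
        with zipfile.ZipFile(Path(lib_dir) / name, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")


# Constructed stand-ins for the jars fetched in the second attempt (empty entries).
SECOND_ATTEMPT = {
    "log4j-core-2.20.0.jar": ["org/apache/logging/log4j/core/Logger.class"],
    "log4j-api-2.20.0.jar": ["org/apache/logging/log4j/Level.class"],
    "slf4j-api-2.0.7.jar": ["org/slf4j/LoggerFactory.class"],
    "slf4j-reload4j-2.0.7.jar": ["org/slf4j/reload4j/Reload4jLoggerAdapter.class"],
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_lib(d, SECOND_ATTEMPT)
        print(diagnose(d) or "no mismatch found")
```

Against a real image, call `diagnose("/zookeeper-3.5.9/lib")` after the jar swap and before starting the server.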
