[
https://issues.apache.org/jira/browse/ZOOKEEPER-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489767#comment-17489767
]
Ralph Goers commented on ZOOKEEPER-2342:
----------------------------------------
For those of you considering using reload4j please be aware that the Logging
Services PMC continues to get security vulnerability reports against Log4j 1.
It is unusual for CVEs to be filed against an EOL'd project. It is unclear if
the reports we receive area also sent to the reload4j project and if they are,
whether the maintainers choose to create CVEs or not.
> Migrate to Log4J 2.
> -------------------
>
> Key: ZOOKEEPER-2342
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2342
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Priority: Major
> Attachments: ZOOKEEPER-2342.001.patch
>
>
> ZOOKEEPER-1371 removed our source code dependency on Log4J. It appears that
> this also removed the Log4J SLF4J binding jar from the runtime classpath.
> Without any SLF4J binding jar available on the runtime classpath, it is
> impossible to write logs.
> This JIRA investigated migration to Log4J 2 as a possible path towards
> resolving the bug introduced by ZOOKEEPER-1371. At this point, we know this
> is not feasible short-term. This JIRA remains open to track long-term
> migration to Log4J 2.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
