Re: [PR] [NO-ISSUE] Use reload4j instead of log4j [zeppelin]

via GitHub Tue, 20 Feb 2024 03:18:09 -0800


pjfanning commented on code in PR #4719:
URL: https://github.com/apache/zeppelin/pull/4719#discussion_r1495648581



##########
pom.xml:
##########
@@ -114,8 +114,7 @@
     <plugin.frontend.version>1.12.1</plugin.frontend.version>
 
     <!-- common library versions -->
-    <slf4j.version>1.7.30</slf4j.version>
-    <log4j.version>1.2.17</log4j.version>
+    <slf4j.version>1.7.35</slf4j.version>

Review Comment:
   causes a maven convergence issue - due to other dependencies of zeppelin 
using 1.7.35
   
   I can try further changes but it could take a few days.
   
   The key thing is to get agreement that keeping log4jv1 is not a good thing 
and that reload4j is a reasonable short term change to avoid using a completely 
insecure logging framework.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] [NO-ISSUE] Use reload4j instead of log4j [zeppelin]

Reply via email to