Re: replacing log4j

2022-05-29 Thread Willem Jiang 
If you are using slf4j, you can switch the log implementations between
logback and log4j.

Willem Jiang

Twitter: willemjiang
Weibo: 姜宁willem

On Sun, May 29, 2022 at 11:09 PM Xiangdong Huang  wrote:
>
> Hi,  I suddenly consider one thing.. I remember IoTDB is using logback..
> rather than log4j...
> ---
> Xiangdong Huang
> School of Software, Tsinghua University
>
>
>
> Jialin Qiao  于2022年5月25日周三 21:46写道:
>
> > Hi,
> >
> > +1 for the replacing. The PR is merged.
> >
> > Maybe the security issue is so critical that the author wants to get rid of
> > it by renaming it...
> >
> > Thanks,
> > —
> > Jialin Qiao
> > Apache IoTDB PMC
> >
> >
> > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道:
> >
> > > yes, i will raise jira and alter it.
> > >
> > >
> > >
> > > ---Original---
> > > From: "Xiangdong Huang" > > Date: Tue, May 24, 2022 21:47 PM
> > > To: "dev" > > Subject: Re: replacing log4j
> > >
> > >
> > > I see, [1] introduces the reason that reload4j is born.
> > > As it is just a modification in pom file and the project is forked from
> > > log4j 1.2.17, I think it is fine.
> > >
> > > BTW, I feel very very confusing why log4j community ends the life of
> > log4j
> > > 1
> > > (and in the same time the initial author of log4j 1 forks an independent
> > > project...)
> > >
> > > [1] https://reload4j.qos.ch/
> > > ---
> > > Xiangdong Huang
> > > School of Software, Tsinghua University
> > >
> > > 黄向东
> > > 清华大学 软件学院
> > >
> > >
> > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道:
> > >
> > >  Because of the large amount of changes, the configuration file and
> > > import
> > >  of each class have to change.
> > > 
> > > 
> > > 
> > > 
> > >  ---Original---
> > >  From: "Xiangdong Huang" > >  Date: Tue, May 24, 2022 17:17 PM
> > >  To: "dev" > >  Subject: Re: replacing log4j
> > > 
> > > 
> > >  Hi, I wonder why not log4j2? any comparison in other communities?
> > >  ---
> > >  Xiangdong Huang
> > >  School of Software, Tsinghua University
> > > 
> > >  nbsp;黄向东
> > >  清华大学 软件学院
> > > 
> > > 
> > >  HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二
> > 16:23写道:
> > > 
> > >  gt; hi all ,
> > >  gt; We need to consider replacing log4j1, because log4j1 is EOM
> > > and has
> > >  some
> > >  gt; CVE vulnerabilities. Reload 4J is used to replace it. Other
> > > open
> > >  source
> > >  gt; communities have been replaced. Refer to hbase-26691.
> > >  gt; Thanksamp;nbsp;
> >

[BUILD-UNSTABLE]: Job 'IoTDB/IoTDB-Pipe/master [master] [609]'

2022-05-29 Thread Apache Jenkins Server 
BUILD-UNSTABLE: Job 'IoTDB/IoTDB-Pipe/master [master] [609]':

Check console output at "https://ci-builds.apache.org/job/IoTDB/job/IoTDB-Pipe/job/master/609/;>IoTDB/IoTDB-Pipe/master
 [master] [609]"

Re: replacing log4j

2022-05-29 Thread Xiangdong Huang 
Hi,  I suddenly consider one thing.. I remember IoTDB is using logback..
rather than log4j...
---
Xiangdong Huang
School of Software, Tsinghua University



Jialin Qiao  于2022年5月25日周三 21:46写道:

> Hi,
>
> +1 for the replacing. The PR is merged.
>
> Maybe the security issue is so critical that the author wants to get rid of
> it by renaming it...
>
> Thanks,
> —
> Jialin Qiao
> Apache IoTDB PMC
>
>
> HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道:
>
> > yes, i will raise jira and alter it.
> >
> >
> >
> > ---Original---
> > From: "Xiangdong Huang" > Date: Tue, May 24, 2022 21:47 PM
> > To: "dev" > Subject: Re: replacing log4j
> >
> >
> > I see, [1] introduces the reason that reload4j is born.
> > As it is just a modification in pom file and the project is forked from
> > log4j 1.2.17, I think it is fine.
> >
> > BTW, I feel very very confusing why log4j community ends the life of
> log4j
> > 1
> > (and in the same time the initial author of log4j 1 forks an independent
> > project...)
> >
> > [1] https://reload4j.qos.ch/
> > ---
> > Xiangdong Huang
> > School of Software, Tsinghua University
> >
> > 黄向东
> > 清华大学 软件学院
> >
> >
> > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道:
> >
> >  Because of the large amount of changes, the configuration file and
> > import
> >  of each class have to change.
> > 
> > 
> > 
> > 
> >  ---Original---
> >  From: "Xiangdong Huang" >  Date: Tue, May 24, 2022 17:17 PM
> >  To: "dev" >  Subject: Re: replacing log4j
> > 
> > 
> >  Hi, I wonder why not log4j2? any comparison in other communities?
> >  ---
> >  Xiangdong Huang
> >  School of Software, Tsinghua University
> > 
> >  nbsp;黄向东
> >  清华大学 软件学院
> > 
> > 
> >  HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二
> 16:23写道:
> > 
> >  gt; hi all ,
> >  gt; We need to consider replacing log4j1, because log4j1 is EOM
> > and has
> >  some
> >  gt; CVE vulnerabilities. Reload 4J is used to replace it. Other
> > open
> >  source
> >  gt; communities have been replaced. Refer to hbase-26691.
> >  gt; Thanksamp;nbsp;
>