Re: replacing log4j
If you are using slf4j, you can switch the log implementations between logback and log4j. Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Sun, May 29, 2022 at 11:09 PM Xiangdong Huang wrote: > > Hi, I suddenly consider one thing.. I remember IoTDB is using logback.. > rather than log4j... > --- > Xiangdong Huang > School of Software, Tsinghua University > > > > Jialin Qiao 于2022年5月25日周三 21:46写道: > > > Hi, > > > > +1 for the replacing. The PR is merged. > > > > Maybe the security issue is so critical that the author wants to get rid of > > it by renaming it... > > > > Thanks, > > — > > Jialin Qiao > > Apache IoTDB PMC > > > > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > > > > > yes, i will raise jira and alter it. > > > > > > > > > > > > ---Original--- > > > From: "Xiangdong Huang" > > Date: Tue, May 24, 2022 21:47 PM > > > To: "dev" > > Subject: Re: replacing log4j > > > > > > > > > I see, [1] introduces the reason that reload4j is born. > > > As it is just a modification in pom file and the project is forked from > > > log4j 1.2.17, I think it is fine. > > > > > > BTW, I feel very very confusing why log4j community ends the life of > > log4j > > > 1 > > > (and in the same time the initial author of log4j 1 forks an independent > > > project...) > > > > > > [1] https://reload4j.qos.ch/ > > > --- > > > Xiangdong Huang > > > School of Software, Tsinghua University > > > > > > 黄向东 > > > 清华大学 软件学院 > > > > > > > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > > > > > Because of the large amount of changes, the configuration file and > > > import > > > of each class have to change. > > > > > > > > > > > > > > > ---Original--- > > > From: "Xiangdong Huang" > > Date: Tue, May 24, 2022 17:17 PM > > > To: "dev" > > Subject: Re: replacing log4j > > > > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > > --- > > > Xiangdong Huang > > > School of Software, Tsinghua University > > > > > > nbsp;黄向东 > > > 清华大学 软件学院 > > > > > > > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 > > 16:23写道: > > > > > > gt; hi all , > > > gt; We need to consider replacing log4j1, because log4j1 is EOM > > > and has > > > some > > > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > > > open > > > source > > > gt; communities have been replaced. Refer to hbase-26691. > > > gt; Thanksamp;nbsp; > >
Re: replacing log4j
Hi, I suddenly consider one thing.. I remember IoTDB is using logback.. rather than log4j... --- Xiangdong Huang School of Software, Tsinghua University Jialin Qiao 于2022年5月25日周三 21:46写道: > Hi, > > +1 for the replacing. The PR is merged. > > Maybe the security issue is so critical that the author wants to get rid of > it by renaming it... > > Thanks, > — > Jialin Qiao > Apache IoTDB PMC > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > > > yes, i will raise jira and alter it. > > > > > > > > ---Original--- > > From: "Xiangdong Huang" > Date: Tue, May 24, 2022 21:47 PM > > To: "dev" > Subject: Re: replacing log4j > > > > > > I see, [1] introduces the reason that reload4j is born. > > As it is just a modification in pom file and the project is forked from > > log4j 1.2.17, I think it is fine. > > > > BTW, I feel very very confusing why log4j community ends the life of > log4j > > 1 > > (and in the same time the initial author of log4j 1 forks an independent > > project...) > > > > [1] https://reload4j.qos.ch/ > > --- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > 黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > > > Because of the large amount of changes, the configuration file and > > import > > of each class have to change. > > > > > > > > > > ---Original--- > > From: "Xiangdong Huang" > Date: Tue, May 24, 2022 17:17 PM > > To: "dev" > Subject: Re: replacing log4j > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > --- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > nbsp;黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 > 16:23写道: > > > > gt; hi all , > > gt; We need to consider replacing log4j1, because log4j1 is EOM > > and has > > some > > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > > open > > source > > gt; communities have been replaced. Refer to hbase-26691. > > gt; Thanksamp;nbsp; >
Re: replacing log4j
Hi, +1 for the replacing. The PR is merged. Maybe the security issue is so critical that the author wants to get rid of it by renaming it... Thanks, — Jialin Qiao Apache IoTDB PMC HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > yes, i will raise jira and alter it. > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 21:47 PM > To: "dev" Subject: Re: replacing log4j > > > I see, [1] introduces the reason that reload4j is born. > As it is just a modification in pom file and the project is forked from > log4j 1.2.17, I think it is fine. > > BTW, I feel very very confusing why log4j community ends the life of log4j > 1 > (and in the same time the initial author of log4j 1 forks an independent > project...) > > [1] https://reload4j.qos.ch/ > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > Because of the large amount of changes, the configuration file and > import > of each class have to change. > > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 17:17 PM > To: "dev" Subject: Re: replacing log4j > > > Hi, I wonder why not log4j2? any comparison in other communities? > --- > Xiangdong Huang > School of Software, Tsinghua University > > nbsp;黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 16:23写道: > > gt; hi all , > gt; We need to consider replacing log4j1, because log4j1 is EOM > and has > some > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > open > source > gt; communities have been replaced. Refer to hbase-26691. > gt; Thanksamp;nbsp;
Re: replacing log4j
I see, [1] introduces the reason that reload4j is born. As it is just a modification in pom file and the project is forked from log4j 1.2.17, I think it is fine. BTW, I feel very very confusing why log4j community ends the life of log4j 1 (and in the same time the initial author of log4j 1 forks an independent project...) [1] https://reload4j.qos.ch/ --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 17:24写道: > Because of the large amount of changes, the configuration file and import > of each class have to change. > > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 17:17 PM > To: "dev" Subject: Re: replacing log4j > > > Hi, I wonder why not log4j2? any comparison in other communities? > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 16:23写道: > > hi all , > We need to consider replacing log4j1, because log4j1 is EOM and has > some > CVE vulnerabilities. Reload 4J is used to replace it. Other open > source > communities have been replaced. Refer to hbase-26691. > Thanksnbsp;
Re: replacing log4j
Because of the large amount of changes, the configuration file and import of each class have to change. ---Original--- From: "Xiangdong Huang"
Re: replacing log4j
Hi, I wonder why not log4j2? any comparison in other communities? --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 16:23写道: > hi all , > We need to consider replacing log4j1, because log4j1 is EOM and has some > CVE vulnerabilities. Reload 4J is used to replace it. Other open source > communities have been replaced. Refer to hbase-26691. > Thanks