+1 on the log4j2 2.17.0
-Stephen
On Sat, Dec 18, 2021 at 10:14 PM 张铎(Duo Zhang)
wrote:
> Let's also update log4j2 to 2.17.0 for hbase-oeprator-tools?
>
> Thanks.
>
> 张铎(Duo Zhang) 于2021年12月18日周六 17:07写道:
>
> > +1 (binding)
> >
> > Checked sigs and sums: Matched
> > Rat check: Passed
> > Built
https://github.com/apache/hbase/pull/3965
Andrew Purtell 于2021年12月19日周日 13:51写道:
> Sure, we are on the same page about this RC.
>
> > On Dec 18, 2021, at 9:46 PM, 张铎 wrote:
> >
> > I think we are on the same page that we should upgrade to the newest
> log4j2
> > version since the final
Duo Zhang created HBASE-26607:
-
Summary: Put up 3.0.0-alpha-2RC2
Key: HBASE-26607
URL: https://issues.apache.org/jira/browse/HBASE-26607
Project: HBase
Issue Type: Sub-task
Reporter:
[
https://issues.apache.org/jira/browse/HBASE-26569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Duo Zhang resolved HBASE-26569.
---
Resolution: Fixed
Still need to upgrade log4j2.
> Put up 3.0.0-alpha-2RC1
>
Let's also update log4j2 to 2.17.0 for hbase-oeprator-tools?
Thanks.
张铎(Duo Zhang) 于2021年12月18日周六 17:07写道:
> +1 (binding)
>
> Checked sigs and sums: Matched
> Rat check: Passed
> Built from src: Succeeded
> Run UTs: Passed
> CHANGES and RELEASENOTES: Missed two issues, for generating these two
Duo Zhang created HBASE-26606:
-
Summary: Upgrade log4j2 to 2.17.0
Key: HBASE-26606
URL: https://issues.apache.org/jira/browse/HBASE-26606
Project: HBase
Issue Type: Task
Components:
Sure, we are on the same page about this RC.
> On Dec 18, 2021, at 9:46 PM, 张铎 wrote:
>
> I think we are on the same page that we should upgrade to the newest log4j2
> version since the final release has not been published yet.
>
> But on log4j1, in our community we have discussed this
I think we are on the same page that we should upgrade to the newest log4j2
version since the final release has not been published yet.
But on log4j1, in our community we have discussed this before when there is
a CVE for it. You can view this page
https://logging.apache.org/log4j/1.2/
And even
As to your first point, I think it is a simple consideration: A user’s security
department or compliance regulator will ask: “Does this version include log4j
with a known CVE?” Why would we provide a release where they have to answer
“yes” when we can provide them a release where they can
After 2.15.0, all the problems require you manually put some special
markers in the pattern layout in your configuration file, so it is already
less hurt, we do not have something like %m{lookup} in the pattern layout
by default.
Anyway, since we haven’t released 3.0.0-alpha-2 yet, let’s upgrade
Josh Elser created HBASE-26605:
--
Summary: TestHStore#testRefreshStoreFiles broken due to
unqualified and qualified paths
Key: HBASE-26605
URL: https://issues.apache.org/jira/browse/HBASE-26605
Project:
Apologies, I managed to hit the send button before finishing. My veto can
be cured by upgrading Log4J to ** 2.17.0 ** . See
https://logging.apache.org/log4j/2.x/security.html.
On Sat, Dec 18, 2021 at 1:22 PM Andrew Purtell wrote:
> -1 (binding)
>
> The Log4J issues are not fixed by 2.15.
>
> I
-1 (binding)
The Log4J issues are not fixed by 2.15.
I wish we had remained on Log4J 1. Hadoop 3 is still on 1, although I know
they have plans to upgrade. It does not seem advisable to use Log4J 2 at
all actually. Another option that does not include such a dangerous
reference/rewrite mechanism
Please vote on this Apache HBase release candidate, hbase-2.4.9RC0
The VOTE will remain open for at least 72 hours.
[ ] +1 Release this package as Apache HBase 2.4.9
[ ] -1 Do not release this package because ...
The tag to be voted on is 2.4.9RC0:
+1 (binding)
* Xsums/sigs good
* Can build from source
* Log4j 2.15 is included (more on this in the below)
* log4j2.formatMsgNoLookups=true is set (multiple times per process, but
properly set)
* hbase-config.sh issue is fixed over rc1
Best as I've been able to keep up, it seems like we
+1
* Signature: ok
* Checksum : ok
* Rat check (1.8.0_301): ok
- mvn clean apache-rat:check
* Built from source (1.8.0_301): ok
- mvn clean install -DskipTests
* Unit tests pass (1.8.0_301): ok
- mvn package -P runSmallTests -Dsurefire.rerunFailingTestsCount=3
* Nightly build results look
[
https://issues.apache.org/jira/browse/HBASE-26580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Duo Zhang resolved HBASE-26580.
---
Fix Version/s: 2.5.0
3.0.0-alpha-3
2.4.10
Hadoop Flags:
Yutong Xiao created HBASE-26604:
---
Summary: Replace new allocation with ThreadLocal in
CellBlockBuilder to reduce GC
Key: HBASE-26604
URL: https://issues.apache.org/jira/browse/HBASE-26604
Project:
+1 (binding)
Checked sigs and sums: Matched
Rat check: Passed
Built from src: Succeeded
Run UTs: Passed
CHANGES and RELEASENOTES: Missed two issues, for generating these two files
and change version in pom. This is not an actual code problem so I always
do not want to sink an RC due to the
The readme of the project says we have two tools, one is HBCK2, the other
is TableReporter, but in the binary I can only see HBCK2...
But anyway, checking the previous release, we did not include TableReporter
either, so not this release's fault...
Josh Elser 于2021年12月17日周五 23:03写道:
> +1
There is a previous thread[1] to mention that the main development work on
HBASE-26233[2] is done. And now the testing work has been done too, so I
send this official vote to merge for HBASE-26233 back into master.
For those who are not familiar with HBASE-26233, it is for re-implementing
the
21 matches
Mail list logo
