(Rewriting, my email client changed a few words...sorry)
We are going to switch to LogBack in the next release. It will hopefully come soon, but we don't have a date. By the way zookeeper uses slf4j so you could change the log provider by removing log4j and adding your favourite logging implementation. In Pulsar for instance we are launching zookeeper and putting log4j2 in the classpath. I hope that helps Enrico Il Dom 19 Dic 2021, 21:51 Enrico Olivelli <[email protected]> ha scritto: > We are going to switch to Lombardia in the next release. > It will hopefully come soon, but we don't have a date. > > By the way zookeeper uses slf4j so you could change the log provider by > removing log4j and adding your favourite logging implementation. > > In Pulsar for instance we are launching zookeeper and putting log4j2 in > the classpath. > > I hope that helps > > Enrico > > Il Dom 19 Dic 2021, 16:39 Jörn Franke <[email protected]> ha scritto: > >> Log4j 1.x should generally not be used anymore. Since it is officially >> not maintained anymore it is very unlikely that someone will report >> vulnerabilities on it as they won’t be fixed anyway. Best would be to >> upgrade to latest log4j 2.17 or later. >> >> > Am 18.12.2021 um 23:00 schrieb Rusty Deaton <[email protected] >> .invalid>: >> > >> > Hi there, >> > >> > Given that zookeeper uses log4j 1.2, it appears as though there's a >> > potentially large CVE, https://nvd.nist.gov/vuln/detail/CVE-2021-4104 >> . >> > Is there any official stance on this vulnerability? >> >
