You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2022/04/01 16:23:03 UTC
[GitHub] [bookkeeper] nicoloboschi opened a new pull request #3167: [branch-4.14] Replace Log4J with Reload4J
nicoloboschi opened a new pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167
### Motivation
Log4J is dead and it has a lot of vulnerabilities. We already switched to Log4J2 on master branch.
The easiest way to replace it is to use [reload4j](https://reload4j.qos.ch/)
### Changes
* Update org.slf4j:log4j-over-slf4j to 1.7.36 which automatically replace the jar with reload4j replacement
From the official [website](https://www.slf4j.org/news.html)
>2022-01-25 - Release of SLF4J 1.7.35
• In this release, the "slf4j-log4j12" artifact automatically instructs Maven to use the "slf4j-reload4j" artifact instead. As you might have guessed, the "slf4j-reload4j" binding delegates log processing to the reload4j logging framework.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] nicoloboschi commented on pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#issuecomment-1084832643
rerun failure checks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] eolivelli commented on pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
eolivelli commented on pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#issuecomment-1085540830
we should fix spotbugs errors on JDK8, CI is not passing (this deserves a separate patch)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] dlg99 commented on a change in pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
dlg99 commented on a change in pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#discussion_r839866094
##########
File path: pom.xml
##########
@@ -160,7 +160,7 @@
<reflections.version>0.9.11</reflections.version>
<rocksdb.version>6.29.4.1</rocksdb.version>
<shrinkwrap.version>3.0.1</shrinkwrap.version>
- <slf4j.version>1.7.32</slf4j.version>
+ <slf4j.version>1.7.36</slf4j.version>
Review comment:
that got me confused for a sec, why there is no new dependency added.
In case someone has the same question, this is because of
> The SLF4J project has released version 1.7.35 containing the slf4j-reload4j module which supports reload4j. Moreover, the "slf4j-log4j12" artifact contains a Maven relocation directive for the "slf4j-reload4j" artifact.
https://reload4j.qos.ch/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] nicoloboschi closed pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
nicoloboschi closed pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] nicoloboschi commented on a change in pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on a change in pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#discussion_r839897353
##########
File path: pom.xml
##########
@@ -160,7 +160,7 @@
<reflections.version>0.9.11</reflections.version>
<rocksdb.version>6.29.4.1</rocksdb.version>
<shrinkwrap.version>3.0.1</shrinkwrap.version>
- <slf4j.version>1.7.32</slf4j.version>
+ <slf4j.version>1.7.36</slf4j.version>
Review comment:
it was in the pull description 😢
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] dlg99 commented on pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
dlg99 commented on pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#issuecomment-1084914224
there are couple of failed CI jobs. One feels like a flake, I restarted it. Another one might need rebase on top of the spotbugs fixes:
```
[INFO] Error size is 0
[INFO] Total bugs: 1
Error: Exception is caught when Exception is not thrown in org.apache.bookkeeper.proto.checksum.DirectMemoryCRC32Digest.<static initializer for DirectMemoryCRC32Digest>() [org.apache.bookkeeper.proto.checksum.DirectMemoryCRC32Digest] At DirectMemoryCRC32Digest.java:[line 86] REC_CATCH_EXCEPTION
[INFO]
To see bug detail using the Spotbugs GUI, use the following command "mvn spotbugs:gui"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] nicoloboschi commented on pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#issuecomment-1085842686
>we should fix spotbugs errors on JDK8, CI is not passing (this deserves a separate patch)
PR for spotbugs on branch-4.14: https://github.com/apache/bookkeeper/pull/3170
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] nicoloboschi commented on pull request #3167: [branch-4.14] Replace Log4J with Reload4J
Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on pull request #3167:
URL: https://github.com/apache/bookkeeper/pull/3167#issuecomment-1084947715
spotbugs won't pass until we merge the fix https://github.com/apache/bookkeeper/pull/3160
also the lib changes should not affect spotbugs anyway
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org