You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2022/09/22 08:59:10 UTC

[GitHub] [ozone] adoroszlai opened a new pull request, #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

adoroszlai opened a new pull request, #3773:
URL: https://github.com/apache/ozone/pull/3773

   ## What changes were proposed in this pull request?
   
   Log4j 1.x is EOL.  This PR proposes to replace it with Reload4j, which is a drop-in replacement with security updates.
   
   https://issues.apache.org/jira/browse/HDDS-7251
   
   ## How was this patch tested?
   
   Built locally.  Only Log4j 2 present in distribution:
   
   ```
   $ ls -1 hadoop-ozone/dist/target/ozone-1.3.0-SNAPSHOT/share/ozone/lib/*log4j*
   hadoop-ozone/dist/target/ozone-1.3.0-SNAPSHOT/share/ozone/lib/log4j-api-2.17.1.jar
   hadoop-ozone/dist/target/ozone-1.3.0-SNAPSHOT/share/ozone/lib/log4j-core-2.17.1.jar
   ```
   
   Verified no Log4j or Reload4j classes are present in shaded FS jars.
   
   Full CI:
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/3101263414 (last commit only changed NOTICE, this run is for the previous commit)
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/3103286435 (pending)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] jojochuang commented on a diff in pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

jojochuang commented on code in PR #3773:
URL: https://github.com/apache/ozone/pull/3773#discussion_r978021934


##########
hadoop-ozone/s3gateway/pom.xml:
##########
@@ -147,48 +147,6 @@
       <groupId>org.apache.ozone</groupId>
       <artifactId>hdds-hadoop-dependency-test</artifactId>
       <scope>test</scope>
-      <exclusions>

Review Comment:
   is this a related change?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on a diff in pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

adoroszlai commented on code in PR #3773:
URL: https://github.com/apache/ozone/pull/3773#discussion_r978037909


##########
hadoop-ozone/s3gateway/pom.xml:
##########
@@ -147,48 +147,6 @@
       <groupId>org.apache.ozone</groupId>
       <artifactId>hdds-hadoop-dependency-test</artifactId>
       <scope>test</scope>
-      <exclusions>

Review Comment:
   Yes, it's related, but not strictly required.  I was trying to eliminate `log4j` coming as transitive dependency via various Hadoop test jars e.g. `hadoop-hdfs`.  I replaced dependence on `hadoop-hdfs` with `hdds-hadoop-dependency-test`.  Since the latter already excludes transitive dependencies, these local exclusions seemed unnecessary.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] jojochuang merged pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

jojochuang merged PR #3773:
URL: https://github.com/apache/ozone/pull/3773


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

adoroszlai commented on PR #3773:
URL: https://github.com/apache/ozone/pull/3773#issuecomment-1256471493

   Thanks @jojochuang for reviewing and merging this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] jojochuang commented on pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

jojochuang commented on PR #3773:
URL: https://github.com/apache/ozone/pull/3773#issuecomment-1256468977

   Merged. Thanks @adoroszlai 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] smengcl commented on a diff in pull request #3773: HDDS-7251. Replace Log4j 1.x with Reload4j

Posted by GitBox <gi...@apache.org>.

smengcl commented on code in PR #3773:
URL: https://github.com/apache/ozone/pull/3773#discussion_r981596380


##########
pom.xml:
##########
@@ -150,10 +150,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
     <httpcore.version>4.4.13</httpcore.version>
 
     <!-- SLF4J/LOG4J version -->
-    <slf4j.version>1.7.30</slf4j.version>
+    <slf4j.version>1.7.36</slf4j.version>
     <log4j.version>1.2.17</log4j.version>

Review Comment:
   Thanks @adoroszlai for the patch.
   
   Looks like we can remove the `log4j.version` ? now that it is no longer being used.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org