You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Michael Smith (Jira)" <ji...@apache.org> on 2022/10/12 16:57:00 UTC

[jira] [Resolved] (IMPALA-11628) Investigate replacing log4j with reload4j

     [ https://issues.apache.org/jira/browse/IMPALA-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Smith resolved IMPALA-11628.
------------------------------------
    Fix Version/s: Impala 4.2.0
       Resolution: Fixed

> Investigate replacing log4j with reload4j
> -----------------------------------------
>
>                 Key: IMPALA-11628
>                 URL: https://issues.apache.org/jira/browse/IMPALA-11628
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Frontend
>    Affects Versions: Impala 4.2.0
>            Reporter: Joe McDonnell
>            Assignee: Michael Smith
>            Priority: Major
>             Fix For: Impala 4.2.0
>
>
> log4j1 has been unmaintained and end of life for a while. Given the need for security and fixes for CVEs, this is unmaintainable. One option is to switch to log4j2, and that is tracked in IMPALA-9601. However, there is also the reload4j project (https://reload4j.qos.ch/) which is maintaining a patched log4j1.
> If this is a drop-in replacement, then this may be an easier path in the short term. It sounds worth exploring.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)