You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Michael Smith (Jira)" <ji...@apache.org> on 2022/10/12 16:57:00 UTC
[jira] [Resolved] (IMPALA-11628) Investigate replacing log4j with reload4j
[ https://issues.apache.org/jira/browse/IMPALA-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Smith resolved IMPALA-11628.
------------------------------------
Fix Version/s: Impala 4.2.0
Resolution: Fixed
> Investigate replacing log4j with reload4j
> -----------------------------------------
>
> Key: IMPALA-11628
> URL: https://issues.apache.org/jira/browse/IMPALA-11628
> Project: IMPALA
> Issue Type: Improvement
> Components: Frontend
> Affects Versions: Impala 4.2.0
> Reporter: Joe McDonnell
> Assignee: Michael Smith
> Priority: Major
> Fix For: Impala 4.2.0
>
>
> log4j1 has been unmaintained and end of life for a while. Given the need for security and fixes for CVEs, this is unmaintainable. One option is to switch to log4j2, and that is tracked in IMPALA-9601. However, there is also the reload4j project (https://reload4j.qos.ch/) which is maintaining a patched log4j1.
> If this is a drop-in replacement, then this may be an easier path in the short term. It sounds worth exploring.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)