You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Joe McDonnell (Jira)" <ji...@apache.org> on 2022/09/29 17:57:00 UTC
[jira] [Created] (IMPALA-11628) Investigate replacing log4j with reload4j
Joe McDonnell created IMPALA-11628:
--------------------------------------
Summary: Investigate replacing log4j with reload4j
Key: IMPALA-11628
URL: https://issues.apache.org/jira/browse/IMPALA-11628
Project: IMPALA
Issue Type: Improvement
Components: Frontend
Affects Versions: Impala 4.2.0
Reporter: Joe McDonnell
log4j1 has been unmaintained and end of life for a while. Given the need for security and fixes for CVEs, this is unmaintainable. One option is to switch to log4j2, and that is tracked in IMPALA-9601. However, there is also the reload4j project (https://reload4j.qos.ch/) which is maintaining a patched log4j1.
If this is a drop-in replacement, then this may be an easier path in the short term. It sounds worth exploring.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)