You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Joe McDonnell (Jira)" <ji...@apache.org> on 2022/09/29 17:57:00 UTC

[jira] [Created] (IMPALA-11628) Investigate replacing log4j with reload4j

Joe McDonnell created IMPALA-11628:
--------------------------------------

             Summary: Investigate replacing log4j with reload4j
                 Key: IMPALA-11628
                 URL: https://issues.apache.org/jira/browse/IMPALA-11628
             Project: IMPALA
          Issue Type: Improvement
          Components: Frontend
    Affects Versions: Impala 4.2.0
            Reporter: Joe McDonnell


log4j1 has been unmaintained and end of life for a while. Given the need for security and fixes for CVEs, this is unmaintainable. One option is to switch to log4j2, and that is tracked in IMPALA-9601. However, there is also the reload4j project (https://reload4j.qos.ch/) which is maintaining a patched log4j1.

If this is a drop-in replacement, then this may be an easier path in the short term. It sounds worth exploring.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)