You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@zookeeper.apache.org by "Ceki Gülcü (Jira)" <ji...@apache.org> on 2022/05/12 09:24:00 UTC

[jira] [Commented] (ZOOKEEPER-2342) Migrate to Log4J 2.

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17535997#comment-17535997 ] 

Ceki Gülcü commented on ZOOKEEPER-2342:
---------------------------------------

[~rgoers] How difficult would it be to forward such CVE reports by email to support(at)qos.ch as indicated in the [reload4j security policy|https://github.com/qos-ch/reload4j/blob/master/SECURITY.md]? Assuming this is not too difficult, can you please forward them *if and when* they occur?

> Migrate to Log4J 2.
> -------------------
>
>                 Key: ZOOKEEPER-2342
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2342
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>            Priority: Major
>         Attachments: ZOOKEEPER-2342.001.patch
>
>
> ZOOKEEPER-1371 removed our source code dependency on Log4J.  It appears that this also removed the Log4J SLF4J binding jar from the runtime classpath.  Without any SLF4J binding jar available on the runtime classpath, it is impossible to write logs.
> This JIRA investigated migration to Log4J 2 as a possible path towards resolving the bug introduced by ZOOKEEPER-1371.  At this point, we know this is not feasible short-term.  This JIRA remains open to track long-term migration to Log4J 2.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)