You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ca...@apache.org on 2022/03/30 19:41:17 UTC
[kafka] branch 3.1 updated: KAFKA-13660: Switch log4j12 to reload4j (#11743)
This is an automated email from the ASF dual-hosted git repository.
cadonna pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.1 by this push:
new 6401452 KAFKA-13660: Switch log4j12 to reload4j (#11743)
6401452 is described below
commit 640145267ca90a2a26bf0a2d4df65f707de45701
Author: Mike Lothian <mi...@fireburn.co.uk>
AuthorDate: Wed Mar 30 19:54:01 2022 +0100
KAFKA-13660: Switch log4j12 to reload4j (#11743)
This bumps the slf4j version to 1.7.36 and swaps out log4j 1.2.17 with
reload4j 1.2.19
Signed-off-by: Mike Lothian <mi...@fireburn.co.uk>
Reviewers: Luke Chen <sh...@gmail.com>, Ismael Juma <is...@juma.me.uk>, Bruno Cadonna <ca...@apache.org>
---
LICENSE-binary | 6 +++---
build.gradle | 2 ++
docs/upgrade.html | 2 ++
gradle/dependencies.gradle | 6 +++---
4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 1636e31..68d051b 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -232,7 +232,6 @@ jetty-util-ajax-9.4.44.v20210927
jersey-common-2.34
jersey-server-2.34
jose4j-0.7.8
-log4j-1.2.17
lz4-java-1.8.0
maven-artifact-3.8.1
metrics-core-2.2.0
@@ -248,6 +247,7 @@ netty-transport-native-epoll-4.1.73.Final
netty-transport-native-unix-common-4.1.73.Final
netty-transport-classes-epoll-4.1.73.Final
plexus-utils-3.2.1
+reload4j-1.2.19
rocksdbjni-6.22.1.1
scala-collection-compat_2.13-2.4.4
scala-library-2.13.6
@@ -301,8 +301,8 @@ MIT License
argparse4j-0.7.0, see: licenses/argparse-MIT
jopt-simple-5.0.4, see: licenses/jopt-simple-MIT
-slf4j-api-1.7.30, see: licenses/slf4j-MIT
-slf4j-log4j12-1.7.30, see: licenses/slf4j-MIT
+slf4j-api-1.7.36, see: licenses/slf4j-MIT
+slf4j-reload4j-1.7.36, see: licenses/slf4j-MIT
---------------------------------------
BSD 2-Clause
diff --git a/build.gradle b/build.gradle
index b7ebd97..308d718 100644
--- a/build.gradle
+++ b/build.gradle
@@ -93,6 +93,8 @@ allprojects {
}
}
}
+
+ task printAllDependencies(type: DependencyReportTask) {}
}
ext {
diff --git a/docs/upgrade.html b/docs/upgrade.html
index aa3a503..d4dd0fb 100644
--- a/docs/upgrade.html
+++ b/docs/upgrade.html
@@ -72,6 +72,8 @@
Users can change this behavior to enable idempotence for some or all producers
via Connect worker and/or connector configuration. Connect may enable idempotent producers
by default in a future major release.</li>
+ <li>Kafka has replaced log4j and slf4j-log4j12 with reload4j and slf4j-reload4j due to security concerns.
+ More information can be found at <a href"https://reload4j.qos.ch">reload4j</a>.</li>
</ul>
<h5><a id="upgrade_310_notable" href="#upgrade_310_notable">Notable changes in 3.1.0</a></h5>
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index c5870f7..0d77eb9 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -74,7 +74,6 @@ versions += [
jline: "3.12.1",
jmh: "1.32",
hamcrest: "2.2",
- log4j: "1.2.17",
scalaLogging: "3.9.3",
jaxb: "2.3.0",
jaxrs: "2.1.1",
@@ -105,12 +104,13 @@ versions += [
netty: "4.1.73.Final",
powermock: "2.0.9",
reflections: "0.9.12",
+ reload4j: "1.2.19",
rocksDB: "6.22.1.1",
scalaCollectionCompat: "2.4.4",
scalafmt: "2.7.5",
scalaJava8Compat : "1.0.0",
scoverage: "1.4.1",
- slf4j: "1.7.30",
+ slf4j: "1.7.36",
snappy: "1.1.8.4",
spotbugs: "4.2.2",
zinc: "1.3.5",
@@ -173,7 +173,7 @@ libs += [
kafkaStreams_26: "org.apache.kafka:kafka-streams:$versions.kafka_26",
kafkaStreams_27: "org.apache.kafka:kafka-streams:$versions.kafka_27",
kafkaStreams_28: "org.apache.kafka:kafka-streams:$versions.kafka_28",
- log4j: "log4j:log4j:$versions.log4j",
+ log4j: "ch.qos.reload4j:reload4j:$versions.reload4j",
lz4: "org.lz4:lz4-java:$versions.lz4",
metrics: "com.yammer.metrics:metrics-core:$versions.metrics",
dropwizardMetrics: "io.dropwizard.metrics:metrics-core:$versions.dropwizardMetrics",