You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2022/10/11 21:23:56 UTC
[impala] branch master updated: IMPALA-11628: Switch to reload4j, update slf4j
This is an automated email from the ASF dual-hosted git repository.
joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
The following commit(s) were added to refs/heads/master by this push:
new a1fddf102 IMPALA-11628: Switch to reload4j, update slf4j
a1fddf102 is described below
commit a1fddf1022b76d5226fe9d77f059f37bdee46c13
Author: Michael Smith <mi...@cloudera.com>
AuthorDate: Thu Oct 6 10:43:36 2022 -0700
IMPALA-11628: Switch to reload4j, update slf4j
Switches from log4j 1.x to reload4j, a maintained fork. Updates slf4j to
the latest version so we can include all CVE fixes.
slf4j 2.0.x requires Java 8 and adds a backward-compatible fluent
logging api. Neither seems like a problem for Impala.
Bans all use of log4j 1.x so we only use reload4j.
Change-Id: I5238b9c8247af3e0f4cb05c0b76a75bfee37f5c8
Reviewed-on: http://gerrit.cloudera.org:8080/19102
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Reviewed-by: Joe McDonnell <jo...@cloudera.com>
---
fe/pom.xml | 25 ++++++++++++++++++++++++-
java/executor-deps/pom.xml | 16 ++++++++++++++++
java/pom.xml | 2 +-
java/yarn-extras/pom.xml | 4 ++++
4 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/fe/pom.xml b/fe/pom.xml
index 053a84f86..a2f59c912 100644
--- a/fe/pom.xml
+++ b/fe/pom.xml
@@ -69,6 +69,14 @@ under the License.
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -133,6 +141,10 @@ under the License.
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -155,6 +167,10 @@ under the License.
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
<exclusion>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
@@ -315,7 +331,7 @@ under the License.
<dependency>
<groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <artifactId>slf4j-reload4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
@@ -432,6 +448,10 @@ under the License.
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
<!-- We should exclude hive-serde since it brings along a
different version of flatbuffers causing problems for loading tables -->
<exclusion>
@@ -843,8 +863,11 @@ under the License.
<exclude>ant-contrib:*</exclude>
<exclude>org.apache.ant:*</exclude>
<exclude>org.eclipse.jetty:*</exclude>
+ <!-- We use reload4j, avoid all log4j 1.x implementations -->
<exclude>org.apache.logging.log4j:log4j-slf4j-impl</exclude>
<exclude>org.apache.logging.log4j:log4j-1.2-api</exclude>
+ <exclude>log4j:log4j</exclude>
+ <exclude>org.slf4j:slf4j-log4j12</exclude>
<!-- IMPALA-9108: Avoid pulling in leveldbjni, which is unneeded. -->
<exclude>org.fusesource.leveldbjni:*</exclude>
<!-- IMPALA-9647 (re: CVE-2014-3577, CVE-2015-5262) -->
diff --git a/java/executor-deps/pom.xml b/java/executor-deps/pom.xml
index f219c2f25..e187a8562 100644
--- a/java/executor-deps/pom.xml
+++ b/java/executor-deps/pom.xml
@@ -85,6 +85,14 @@ under the License.
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-servlet</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -109,6 +117,14 @@ under the License.
<groupId>org.eclipse.jetty</groupId>
<artifactId>*</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git a/java/pom.xml b/java/pom.xml
index d3d49ff91..c734a21bb 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -54,7 +54,7 @@ under the License.
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<kudu.version>${env.IMPALA_KUDU_VERSION}</kudu.version>
<commons-io.version>2.6</commons-io.version>
- <slf4j.version>1.7.30</slf4j.version>
+ <slf4j.version>2.0.3</slf4j.version>
<junit.version>4.12</junit.version>
<!-- Beware compatibility requirements with Thrift and
KMS; see IMPALA-4210. -->
diff --git a/java/yarn-extras/pom.xml b/java/yarn-extras/pom.xml
index b44049479..368273afc 100644
--- a/java/yarn-extras/pom.xml
+++ b/java/yarn-extras/pom.xml
@@ -100,6 +100,10 @@
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-servlet</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
</dependencies>