Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/09/01 11:48:00 UTC
[jira] [Commented] (ARTEMIS-3453) exclude transitive log4j dep from zookeeper usage
[ https://issues.apache.org/jira/browse/ARTEMIS-3453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17408111#comment-17408111 ]
ASF subversion and git services commented on ARTEMIS-3453:
----------------------------------------------------------
Commit 359b919e7f6ab3cb0d8d66c07dc26730504a96db in activemq-artemis's branch refs/heads/main from Robbie Gemmell
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=359b919 ]
ARTEMIS-3453: exclude log4j + slf4j-log4j12 transitive deps via zookeeper dependencyManagement entry
> exclude transitive log4j dep from zookeeper usage
> -------------------------------------------------
>
> Key: ARTEMIS-3453
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3453
> Project: ActiveMQ Artemis
> Issue Type: Task
> Affects Versions: 2.18.0
> Reporter: Robbie Gemmell
> Priority: Major
> Fix For: 2.19.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> The quorum bits introduced in ARTEMIS-2716 in 2.18.0 use Zookeeper, which brings a transitive dependency on log4j 1.2.17, which is end of life. Although log4j 1.2.17 was not included in the distribution archives, it is still a transitive dependency of some of the modules that use these quorum bits.
> The original change does look to exclude slf4j-log4j12, but this doesn't exclude log4j itself which is also a direct dependency of zookeeper (ironically, it seems not for direct logging, but only some JMX feature, with slf4j used for the actual logging). It should also be excluded.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
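
A check for the condition this issue describes, added here as an example and not taken from the commit or the Artemis build: it reads a POM's dependencyManagement entry for zookeeper and reports which of the two exclusions are missing. The function names and both sample POMs are constructed for illustration, and the version is a placeholder.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Artifacts the issue says must not arrive transitively through zookeeper.
REQUIRED = {("log4j", "log4j"), ("org.slf4j", "slf4j-log4j12")}


def pom(exclusions):
    """Build a constructed sample POM (not the project's); version is a placeholder."""
    excl = "".join(
        f"<exclusion><groupId>{g}</groupId><artifactId>{a}</artifactId></exclusion>"
        for g, a in exclusions)
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies><dependency>
    <groupId>org.apache.zookeeper</groupId>
    <artifactId>zookeeper</artifactId>
    <version>PLACEHOLDER</version>
    <exclusions>{excl}</exclusions>
  </dependency></dependencies></dependencyManagement>
</project>"""


# "Before": only the slf4j binding is excluded, as the issue describes.
BEFORE = pom([("org.slf4j", "slf4j-log4j12")])
# "After": log4j itself is excluded as well.
AFTER = pom(sorted(REQUIRED))


def coords(el):
    """(groupId, artifactId) of a <dependency> or <exclusion> element."""
    return (el.findtext("m:groupId", namespaces=NS),
            el.findtext("m:artifactId", namespaces=NS))


def missing_exclusions(pom_xml, target=("org.apache.zookeeper", "zookeeper")):
    """Return the required exclusions absent from the managed entry for target."""
    root = ET.fromstring(pom_xml)
    path = "m:dependencyManagement/m:dependencies/m:dependency"
    for dep in root.findall(path, NS):
        if coords(dep) == target:
            found = {coords(e) for e in dep.findall("m:exclusions/m:exclusion", NS)}
            return sorted(REQUIRED - found)
    return sorted(REQUIRED)  # no managed entry at all, so nothing is excluded


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_exclusions(text))
```

The check inspects a single POM and does not resolve parent inheritance or per-module overrides, so the resolved graph should still be confirmed with `mvn dependency:tree -Dincludes=log4j:log4j`.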