+1 I am doing the same in Hadoop. On Fri, Jan 21, 2022 at 4:51 PM Viraj Jasani <[email protected]> wrote:
> +1 for Reload4J migration in active release branches. > > > On Fri, 21 Jan 2022 at 12:52 PM, Andrew Purtell <[email protected]> > wrote: > > > +1 for migrating to Reload4J. It is binary and configuration compatible > > with log4j 1 so meets our compatibility guidelines. > > > > If this is an agreeable plan I can make the changes in a PR and we can do > > a round of new releases. > > > > > On Jan 20, 2022, at 10:16 PM, Duo Zhang <[email protected]> wrote: > > > > > > On master we have already migrated to log4j2, but for all other > release > > > lines we are still on log4j1. > > > > > > Recently there are several new CVEs for log4j1, so I think we should > also > > > address them for release lines other than master. > > > > > > One possible solution is to also migrate log4j2 but use log4j12 bridge > to > > > maintain the compatibility, but we have already known that log4j12 > bridge > > > can not work perfectly with hadoop, as hadoop has some customized > log4j1 > > > appender implementations, which inherit some log4j1 appenders which are > > not > > > part of the log4j12 bridge. > > > > > > Reload4j is a fork of the log4j1 and has fixed the critical CVEs, so it > > is > > > less hurt to replace log4j with reload4j. > > > > > > Suggestions are welcomed. > > > > > > Thanks. Regards > > >
