Hi, +1 for the replacing. The PR is merged.
Maybe the security issue is so critical that the author wants to get rid of it by renaming it... Thanks, ————————————————— Jialin Qiao Apache IoTDB PMC HW-Chao Wang <[email protected]> 于2022年5月24日周二 21:54写道: > yes, i will raise jira and alter it. > > > > ---Original--- > From: "Xiangdong Huang"<[email protected]> > Date: Tue, May 24, 2022 21:47 PM > To: "dev"<[email protected]>; > Subject: Re: replacing log4j > > > I see, [1] introduces the reason that reload4j is born. > As it is just a modification in pom file and the project is forked from > log4j 1.2.17, I think it is fine. > > BTW, I feel very very confusing why log4j community ends the life of log4j > 1 > (and in the same time the initial author of log4j 1 forks an independent > project...) > > [1] https://reload4j.qos.ch/ > ----------------------------------- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <[email protected]> 于2022年5月24日周二 17:24写道: > > > Because of the large amount of changes, the configuration file and > import > > of each class have to change. > > > > > > > > > > ---Original--- > > From: "Xiangdong Huang"<[email protected]&gt; > > Date: Tue, May 24, 2022 17:17 PM > > To: "dev"<[email protected]&gt;; > > Subject: Re: replacing log4j > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > ----------------------------------- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > &nbsp;黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <[email protected]&gt; 于2022年5月24日周二 16:23写道: > > > > &gt; hi all , > > &gt; We need to consider replacing log4j1, because log4j1 is EOM > and has > > some > > &gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > open > > source > > &gt; communities have been replaced. Refer to hbase-26691. > > &gt; Thanks&amp;nbsp;
