[ https://issues.apache.org/jira/browse/HBASE-26691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498266#comment-17498266 ]
Andrew Kyle Purtell commented on HBASE-26691: --------------------------------------------- Approved the PR with some minor comments. Apologies for the delay in review. > Replacing log4j with reload4j for branch-2.x > -------------------------------------------- > > Key: HBASE-26691 > URL: https://issues.apache.org/jira/browse/HBASE-26691 > Project: HBase > Issue Type: Task > Components: logging > Reporter: Duo Zhang > Assignee: Duo Zhang > Priority: Critical > Fix For: 2.5.0, 2.6.0 > > > There are several new CVEs for log4j1 now. > As it is not suitable to upgrade to log4j2 for 2.x releases, let's replace > the log4j1 dependencies with reload4j. -- This message was sent by Atlassian Jira (v8.20.1#820001)