[
https://issues.apache.org/jira/browse/ZOOKEEPER-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17535997#comment-17535997
]
Ceki Gülcü commented on ZOOKEEPER-2342:
---------------------------------------
[~rgoers] How difficult would it be to forward such CVE reports by email to
support(at)qos.ch as indicated in the [reload4j security
policy|https://github.com/qos-ch/reload4j/blob/master/SECURITY.md]? Assuming
this is not too difficult, can you please forward them *if and when* they occur?
> Migrate to Log4J 2.
> -------------------
>
> Key: ZOOKEEPER-2342
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2342
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Priority: Major
> Attachments: ZOOKEEPER-2342.001.patch
>
>
> ZOOKEEPER-1371 removed our source code dependency on Log4J. It appears that
> this also removed the Log4J SLF4J binding jar from the runtime classpath.
> Without any SLF4J binding jar available on the runtime classpath, it is
> impossible to write logs.
> This JIRA investigated migration to Log4J 2 as a possible path towards
> resolving the bug introduced by ZOOKEEPER-1371. At this point, we know this
> is not feasible short-term. This JIRA remains open to track long-term
> migration to Log4J 2.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
