[
https://issues.apache.org/jira/browse/ZOOKEEPER-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578106#comment-17578106
]
Chris Nauroth commented on ZOOKEEPER-4427:
------------------------------------------
Hello [~brahmareddy]. There was a lot of debate on this topic in January:
https://lists.apache.org/thread/s88lz39r48b9s3j2xxoz7ojdlotgj61d
Ultimately though, the community decided to proceed with moving to Logback.
FWIW, in some of my clusters, I'm swapping out the SLF4J runtime binding, so
that I can maintain backward compatibility with existing Log4j configuration
files. I documented the steps during the code review:
https://github.com/apache/zookeeper/pull/1793#pullrequestreview-857545860
> Migrate to Logback
> ------------------
>
> Key: ZOOKEEPER-4427
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4427
> Project: ZooKeeper
> Issue Type: Improvement
> Components: other
> Affects Versions: 3.8.0
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Labels: log4j, logback, logging, pull-request-available
> Fix For: 3.8.0
>
> Time Spent: 7h
> Remaining Estimate: 0h
>
> Due to the recent issues with log4j2 the migration for another logging
> library has come up again. Although log4j1 is not impacted by the
> vulnerability, the upgrade to log4j2 was abandoned multiple times in ZK
> history.
> I suggest now to migrate to {{logback}} which is also a well-maintained and
> mature project as well as it's much easier to migrate from log4j1.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
