Re: replacing log4j
If you are using slf4j, you can switch the log implementations between logback and log4j. Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Sun, May 29, 2022 at 11:09 PM Xiangdong Huang wrote: > > Hi, I suddenly consider one thing.. I remember IoTDB is using logback.. > rather than log4j... > --- > Xiangdong Huang > School of Software, Tsinghua University > > > > Jialin Qiao 于2022年5月25日周三 21:46写道: > > > Hi, > > > > +1 for the replacing. The PR is merged. > > > > Maybe the security issue is so critical that the author wants to get rid of > > it by renaming it... > > > > Thanks, > > — > > Jialin Qiao > > Apache IoTDB PMC > > > > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > > > > > yes, i will raise jira and alter it. > > > > > > > > > > > > ---Original--- > > > From: "Xiangdong Huang" > > Date: Tue, May 24, 2022 21:47 PM > > > To: "dev" > > Subject: Re: replacing log4j > > > > > > > > > I see, [1] introduces the reason that reload4j is born. > > > As it is just a modification in pom file and the project is forked from > > > log4j 1.2.17, I think it is fine. > > > > > > BTW, I feel very very confusing why log4j community ends the life of > > log4j > > > 1 > > > (and in the same time the initial author of log4j 1 forks an independent > > > project...) > > > > > > [1] https://reload4j.qos.ch/ > > > --- > > > Xiangdong Huang > > > School of Software, Tsinghua University > > > > > > 黄向东 > > > 清华大学 软件学院 > > > > > > > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > > > > > Because of the large amount of changes, the configuration file and > > > import > > > of each class have to change. > > > > > > > > > > > > > > > ---Original--- > > > From: "Xiangdong Huang" > > Date: Tue, May 24, 2022 17:17 PM > > > To: "dev" > > Subject: Re: replacing log4j > > > > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > > --- > > > Xiangdong Huang > > > School of Software, Tsinghua University > > > > > > nbsp;黄向东 > > > 清华大学 软件学院 > > > > > > > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 > > 16:23写道: > > > > > > gt; hi all , > > > gt; We need to consider replacing log4j1, because log4j1 is EOM > > > and has > > > some > > > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > > > open > > > source > > > gt; communities have been replaced. Refer to hbase-26691. > > > gt; Thanksamp;nbsp; > >
Re: replacing log4j
Hi, I suddenly consider one thing.. I remember IoTDB is using logback.. rather than log4j... --- Xiangdong Huang School of Software, Tsinghua University Jialin Qiao 于2022年5月25日周三 21:46写道: > Hi, > > +1 for the replacing. The PR is merged. > > Maybe the security issue is so critical that the author wants to get rid of > it by renaming it... > > Thanks, > — > Jialin Qiao > Apache IoTDB PMC > > > HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > > > yes, i will raise jira and alter it. > > > > > > > > ---Original--- > > From: "Xiangdong Huang" > Date: Tue, May 24, 2022 21:47 PM > > To: "dev" > Subject: Re: replacing log4j > > > > > > I see, [1] introduces the reason that reload4j is born. > > As it is just a modification in pom file and the project is forked from > > log4j 1.2.17, I think it is fine. > > > > BTW, I feel very very confusing why log4j community ends the life of > log4j > > 1 > > (and in the same time the initial author of log4j 1 forks an independent > > project...) > > > > [1] https://reload4j.qos.ch/ > > --- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > 黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > > > Because of the large amount of changes, the configuration file and > > import > > of each class have to change. > > > > > > > > > > ---Original--- > > From: "Xiangdong Huang" > Date: Tue, May 24, 2022 17:17 PM > > To: "dev" > Subject: Re: replacing log4j > > > > > > Hi, I wonder why not log4j2? any comparison in other communities? > > --- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > nbsp;黄向东 > > 清华大学 软件学院 > > > > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 > 16:23写道: > > > > gt; hi all , > > gt; We need to consider replacing log4j1, because log4j1 is EOM > > and has > > some > > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > > open > > source > > gt; communities have been replaced. Refer to hbase-26691. > > gt; Thanksamp;nbsp; >
Re: replacing log4j
Hi, +1 for the replacing. The PR is merged. Maybe the security issue is so critical that the author wants to get rid of it by renaming it... Thanks, — Jialin Qiao Apache IoTDB PMC HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 21:54写道: > yes, i will raise jira and alter it. > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 21:47 PM > To: "dev" Subject: Re: replacing log4j > > > I see, [1] introduces the reason that reload4j is born. > As it is just a modification in pom file and the project is forked from > log4j 1.2.17, I think it is fine. > > BTW, I feel very very confusing why log4j community ends the life of log4j > 1 > (and in the same time the initial author of log4j 1 forks an independent > project...) > > [1] https://reload4j.qos.ch/ > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 17:24写道: > > Because of the large amount of changes, the configuration file and > import > of each class have to change. > > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 17:17 PM > To: "dev" Subject: Re: replacing log4j > > > Hi, I wonder why not log4j2? any comparison in other communities? > --- > Xiangdong Huang > School of Software, Tsinghua University > > nbsp;黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalidgt; 于2022年5月24日周二 16:23写道: > > gt; hi all , > gt; We need to consider replacing log4j1, because log4j1 is EOM > and has > some > gt; CVE vulnerabilities. Reload 4J is used to replace it. Other > open > source > gt; communities have been replaced. Refer to hbase-26691. > gt; Thanksamp;nbsp;
Re: replacing log4j
I see, [1] introduces the reason that reload4j is born. As it is just a modification in pom file and the project is forked from log4j 1.2.17, I think it is fine. BTW, I feel very very confusing why log4j community ends the life of log4j 1 (and in the same time the initial author of log4j 1 forks an independent project...) [1] https://reload4j.qos.ch/ --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 17:24写道: > Because of the large amount of changes, the configuration file and import > of each class have to change. > > > > > ---Original--- > From: "Xiangdong Huang" Date: Tue, May 24, 2022 17:17 PM > To: "dev" Subject: Re: replacing log4j > > > Hi, I wonder why not log4j2? any comparison in other communities? > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > HW-Chao Wang <576749...@qq.com.invalid 于2022年5月24日周二 16:23写道: > > hi all , > We need to consider replacing log4j1, because log4j1 is EOM and has > some > CVE vulnerabilities. Reload 4J is used to replace it. Other open > source > communities have been replaced. Refer to hbase-26691. > Thanksnbsp;
Re: replacing log4j
Because of the large amount of changes, the configuration file and import of each class have to change. ---Original--- From: "Xiangdong Huang"
Re: replacing log4j
Hi, I wonder why not log4j2? any comparison in other communities? --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 HW-Chao Wang <576749...@qq.com.invalid> 于2022年5月24日周二 16:23写道: > hi all , > We need to consider replacing log4j1, because log4j1 is EOM and has some > CVE vulnerabilities. Reload 4J is used to replace it. Other open source > communities have been replaced. Refer to hbase-26691. > Thanks
replacing log4j
hi all , We need to consider replacing log4j1, because log4j1 is EOM and has some CVE vulnerabilities. Reload 4J is used to replace it. Other open source communities have been replaced. Refer to hbase-26691. Thanks
