[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-1080880951 Thanks @eolivelli and others for getting this in. Really appreciated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-1075442960 Any updates on this @eolivelli ? We are in the process of deploying 3.7 to production. It would be great if this issue can be addressed. Please let me know if anything I can help with. Thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-1065398600 Thanks for looking into this @eolivelli For the Vulnerability issue reported from slf4j-log4j12, how about updating slf4j version from `1.7.30` to `1.7.35`? Another thing we can try is replacing slf4j-log4j12 with slf4j-reload4j for the binding after upgrading slf4j to 1.7.35. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-106472 Would it be possible to get this PR merged soon? Please let me know if anything I can help with. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-1049279741 > The only issues I saw was the removal of the JMX MBean stuff, but ZooKeeper should already handle that fine. Yeah, I noticed JMX MBean stuff was removed from reload4j-1.2.18.5 and 1.2.19, but I don't know if the removal was intended and permanent. I posted a message to the reload4j distribution list but haven't got response yet. I replaced log4j1.2.17 with reload4j-1.2.18.3 and slf4j-reload4j-1.7.35 for the legacy Zookeeper 3.4 release and it works great. How does Zookeeper handle missing JMX package? It looks like it still tries to instantiate the `org.apache.log4j.jmx.HierarchyDynamicMBean ` at the runtime. https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/main/java/org/apache/zookeeper/jmx/ManagedUtil.java#L68 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [zookeeper] li4wang commented on pull request #1802: ZOOKEEPER-4455: Move to https://reload4j.qos.ch/ (remove log4j1)
li4wang commented on pull request #1802: URL: https://github.com/apache/zookeeper/pull/1802#issuecomment-1049242463 > Note that reload4j is not 100% compatible with Log4j 1.2. According to the Reload4j website, reload4j is a fork of log4j1.2 and supposed to be a drop-in replacement for log4j.1.2.17. Any info on what and why it is not 100% compatible with Log4j 1.2? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org