Re: [DISCUSS] Log4j2 in ZooKeeper
On Thu, Oct 8, 2020, 20:24 Patrick Hunt wrote:

> On Thu, Oct 8, 2020 at 11:00 AM Tamas Penzes wrote:
>
> > Hi All,
> >
> > I would open a discussion about log4j2 update.
> > Would we consider going up to log4j2 in a minor release (e.g. 3.7) or only
> > in a major one, like 4.0?
> > The latest log4j1 version (1.2.17) is really old and vulnerable, but log4j2
> > has a different config format, which means users should adopt their config
> > files when updating ZooKeeper.
> > Afaik we are compatible with both of them because of slf4j, but the default
> > is log4j1 at the moment.
> >
> > What do you think about going up to log4j2 with 3.7?

I am fine with 3.7.
As we are using slf4j users will be able to revert just by trading the appropriate jars inside the lib directory.

> Tamaas there's lots of background on this jira:
> https://issues.apache.org/jira/browse/ZOOKEEPER-2342
> In particular concern with b/w compat. There is also a patch attached.
>
> Is there a way we can provide run time selection without impacting code in
> a non-bw compatible way? Have other projects been able to solve this?

The main concern is about the logging configuration file on the server, isn't it?
I don't know if it is common to override it.
On the client side it is slf4j that rules.

Enrico

> Patrick
>
> > Thanks, Tamaas
Re: [DISCUSS] Log4j2 in ZooKeeper
On Thu, Oct 8, 2020 at 11:00 AM Tamas Penzes wrote:

> Hi All,
>
> I would open a discussion about log4j2 update.
> Would we consider going up to log4j2 in a minor release (e.g. 3.7) or only
> in a major one, like 4.0?
> The latest log4j1 version (1.2.17) is really old and vulnerable, but log4j2
> has a different config format, which means users should adopt their config
> files when updating ZooKeeper.
> Afaik we are compatible with both of them because of slf4j, but the default
> is log4j1 at the moment.
>
> What do you think about going up to log4j2 with 3.7?

Tamaas there's lots of background on this jira:
https://issues.apache.org/jira/browse/ZOOKEEPER-2342
In particular concern with b/w compat. There is also a patch attached.

Is there a way we can provide run time selection without impacting code in a non-bw compatible way? Have other projects been able to solve this?

Patrick

> Thanks, Tamaas
Re: ZooKeeper 3.7 timeline? C SASL backport?
Hi All,

Let me add my two cents.
As I have done some cleanups and version updates recently I'd like to get the following changes in 3.7:
- ZOOKEEPER-3956
- ZOOKEEPER-3958

These are the ones already waiting for review/commit and I think they would be worth getting in before someone cuts a release.

Thanks, Tamaas

On Wed, Oct 7, 2020 at 12:04 PM Enrico Olivelli wrote:

> Sorry Damien,
> I thought I had answered you but my message was never sent :-(
>
> I think that master branch is in very good shape and we had feedback from
> users about 3.6.x, in fact we already released 3.6.1 and 3.6.2.
>
> Cutting 3.7.0 will also be a sign that the current "stable" version is
> 3.6., and this is very good.
>
> Let's see if any committer volunteers to cut the release.
> I will have time by the end of the month if no one else is available
>
> Enrico
>
> On Wed, Oct 7, 2020 at 11:01 Damien Diederen <ddiede...@sinenomine.net> wrote:
>
> > Hello, everybody.
> >
> > Would you have any feedback on this?
> >
> > Cheers, -D
> >
> > Damien Diederen writes:
> > > Greetings, all,
> > >
> > > I haven't initially tried to get the C SASL patches integrated in the
> > > 3.6 branch, as they were not very mature and as I had noticed the
> > > increased release cadence in the project.
> > >
> > > But I am now wondering: do we already have a time horizon for ZooKeeper
> > > 3.7? Or are we waiting for a sufficient number of features to
> > > "accumulate" in master?
> > >
> > > (I understand that each branch causes additional overhead, and that we
> > > may not want to have a long ladder of cherry-picks for each patch coming
> > > in.)
> > >
> > > In case there aren't any short-term plans, I would like to backport the
> > > C and Perl SASL patches to 3.6, as they've now matured a fair bit and as
> > > those patches shouldn't impact the rest of the system.
> > >
> > > What do you think?
> > >
> > > Cheers, -D
[DISCUSS] Log4j2 in ZooKeeper
Hi All,

I would open a discussion about log4j2 update.
Would we consider going up to log4j2 in a minor release (e.g. 3.7) or only in a major one, like 4.0?
The latest log4j1 version (1.2.17) is really old and vulnerable, but log4j2 has a different config format, which means users should adopt their config files when updating ZooKeeper.
Afaik we are compatible with both of them because of slf4j, but the default is log4j1 at the moment.

What do you think about going up to log4j2 with 3.7?

Thanks, Tamaas