Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4427

Migrate to Logback

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Due to the recent issues with log4j2 the migration for another logging library has come up again. Although log4j1 is not impacted by the vulnerability, the upgrade to log4j2 was abandoned multiple times in ZK history.

      I suggest now to migrate to logback which is also a well-maintained and mature project as well as it's much easier to migrate from log4j1.

      Attachments

        Issue Links

        causes

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4763 Logback dependency should be scope provided/test

        • Major - Major loss of function.
        • Open
        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4451 vulnerable version of log4j (1.2.15/12.16) is being used in Zookeeper

        • Critical - Crashes, loss of data, severe memory leak.
        • Resolved

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4450 Zookeeper 3.7.0 is using Vulnerable log4j of 1.2.17

        • Major - Major loss of function.
        • Resolved
        is related to

        Question - A formal question. Initially added for the Legal JIRA. LEGAL-594 How do projects handle dual-licensed dependencies?

        • Major - Major loss of function.
        • Closed

        Question - A formal question. Initially added for the Legal JIRA. LEGAL-595 Correct handling of a dual-licensed dependency

        • Major - Major loss of function.
        • Closed
        relates to

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4452 Log4j 1.X CVE-2022-23302/5/7 vulnerabilities

        • Major - Major loss of function.
        • Closed
        supercedes

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-2342 Migrate to Log4J 2.

        • Major - Major loss of function.
        • Resolved
        links to

        Web Link GitHub Pull Request #1793

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            andor Andor Molnar
            andor Andor Molnar
            Votes:
            1 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 8.5h
                8.5h

                Slack

                  Issue deployment