Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update log4j to 2.15 #396

Open
zz-jason opened this issue Dec 13, 2021 · 1 comment · May be fixed by #413
Open

update log4j to 2.15 #396

zz-jason opened this issue Dec 13, 2021 · 1 comment · May be fixed by #413
Assignees
@iosmanthus

Comments

@zz-jason
Copy link
Member

zz-jason commented Dec 13, 2021
edited
Loading

Is your feature request related to a problem? Please describe.

currently, client-java depends on log4j 1.2.17, although it isn't affected by CVE-2021-44228, it has the following problems:

  1. it's affected by CVE-2019-17571
  2. it doesn't support Lambda expression to lazily evaluate the parameters, which impact the service performance

Describe the solution you'd like

Upgrade log4j to 2.15, refactor heavy string conversions to Lamdba expression in performance-critical pathes

Describe alternatives you've considered

N/A

Additional context

N/A
@iosmanthus iosmanthus linked a pull request Dec 16, 2021 that will close this issue
Open
@github-actions
Copy link

This issue is stale because it has been open 30 days with no activity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iosmanthus iosmanthus

Labels
None yet
Projects
Java Client Sprint Workbook
Status: WIP
TiKV Java Client Sprint
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[close #396] upgrade log4j and slf4j iosmanthus/client-java
3 participants
@zhangyangyu @zz-jason @iosmanthus