MINOR: Note that slf4j-log4j in version 1.7.35+ should be used #12114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds a note to the upgrade notes to use slf4j-log4j version 1.7.35+ [1] or slf4j-reload4j to avoid possible compatibility issues originating from the logging framework [2]. [1] https://www.slf4j.org/manual.html#swapping [2] https://www.slf4j.org/codes.html#no_tlm
|
Call for review: @ijuma |
ijuma
reviewed
May 2, 2022
| @@ -73,7 +73,11 @@ <h5><a id="upgrade_320_notable" href="#upgrade_320_notable">Notable changes in 3 | |||
| via Connect worker and/or connector configuration. Connect may enable idempotent producers | |||
| by default in a future major release.</li> | |||
| <li>Kafka has replaced log4j and slf4j-log4j12 with reload4j and slf4j-reload4j due to security concerns. | |||
There was a problem hiding this comment.
Maybe we can say something like:
<li>Kafka has replaced log4j and slf4j-log4j12 with reload4j and slf4j-reload4j due to security concerns. This only affects modules that specify a logging backend (`connect-runtime` and `kafka-tools` are two such examples). A number of modules, including `kafka-clients`, leave it to the application to specify the logging backend. More information can be found at <a href"https://reload4j.qos.ch">reload4j</a>. Projects that depend on the affected modules from the Kafka project should use <a href="https://www.slf4j.org/manual.html#swapping">slf4j-log4j12 version 1.7.35 or above</a> or slf4j-reload4j to avoid <a href="https://www.slf4j.org/codes.html#no_tlm">possible compatibility issues originating from the logging framework</a>.
There was a problem hiding this comment.
We should also update the same text in the 3.1 branch once we merge this.
There was a problem hiding this comment.
@ijuma changed the text as you proposed.
I will cherry-pick the commit to 3.2 and 3.1.
@tombentley Since this is just a doc change, we do not need a new RC, right? We can port the change directly to the doc repo in case RC1 passes the votes.
cadonna
added a commit
that referenced
this pull request
May 3, 2022
Adds a note to the upgrade notes to use slf4j-log4j version 1.7.35+ [1] or slf4j-reload4j to avoid possible compatibility issues originating from the logging framework [2]. [1] https://www.slf4j.org/manual.html#swapping [2] https://www.slf4j.org/codes.html#no_tlm Reviewer: Ismael Juma <ismael@juma.me.uk>
3 tasks
|
Cherry-picked to 3.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a note to the upgrade notes to use slf4j-log4j version
1.7.35+ [1] or slf4j-reload4j to avoid possible compatibility issues
originating from the logging framework [2].
[1] https://www.slf4j.org/manual.html#swapping
[2] https://www.slf4j.org/codes.html#no_tlm
Committer Checklist (excluded from commit message)