-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[close #396] upgrade log4j and slf4j #413
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: iosmanthus <[email protected]>
<log4j.version>1.2.17</log4j.version> | ||
<slf4j.version>1.7.16</slf4j.version> | ||
<log4j.version>2.15</log4j.version> | ||
<slf4j.version>2.0.0-alpha5</slf4j.version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why using the alpha version of log4j?
@@ -30,6 +30,7 @@ | |||
import org.tikv.service.failsafe.CircuitBreaker; | |||
|
|||
public class SmartRawKVClient implements RawKVClientBase { | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why add this empty line? Is it caused by the formater?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes
@@ -63,8 +63,8 @@ | |||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> | |||
<rocksdb.version>6.22.1.1</rocksdb.version> | |||
<protobuf.version>3.5.1</protobuf.version> | |||
<log4j.version>1.2.17</log4j.version> | |||
<slf4j.version>1.7.16</slf4j.version> | |||
<log4j.version>2.15</log4j.version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should it be 2.15.0
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is recommended to upgrade to 2.17.1
, which fixes all known vulnerabilities, see: https://logging.apache.org/log4j/2.x/security.html.
@@ -178,7 +179,7 @@ public void onNext(final ChangeDataEvent event) { | |||
} | |||
|
|||
private void submitEvent(final CDCEvent event) { | |||
LOGGER.debug("submit event: {}", event); | |||
LOGGER.atDebug().log("submit event: {}", event); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original code is simpler and the performance is the same.
http://www.slf4j.org/faq.html#logging_performance
This PR is stale because it has been open 30 days with no activity. Remove the status/stale label or comment or this PR will be closed in 7 days. |
Signed-off-by: iosmanthus [email protected]
What problem does this PR solve?
Issue Number: close #396
Problem Description: this pull request upgrade the log4j and slf4j to avoid some security issues and improve the performance while a higher log level is set. In addition, this pull request eliminates the code of log level detections which is really annoying. For now, this pull request only focuses on the DEBUG log, instead of the higher-level logs.
What is changed and how it works?
Use slf4j 2.0's fluent API to eliminate the log level check and use lambda syntax to enable lazy log string evaluation.
Check List for Tests
This PR has been tested by the at least one of the following methods: