Hi Wei-Chiu Chuang,
I think a bigger question is whether or not we have someone who would like to volunteer to be a release manager for the 2.10.2 release. The last 2.x release was over a year ago.
I can take a RM role if there are needs. Thanks, Masatake Iwasaki On 2022/03/02 5:54, Wei-Chiu Chuang wrote:
On Wed, Mar 2, 2022 at 2:43 AM Brent <[email protected] <mailto:[email protected]>> wrote: Hey all, I've been trying to go through Jira issues and mailing list archives to understand ongoing plans for Log4j 1.x upgrades. I know technically Hadoop is not listed as vulnerable, but some more cautious organizations are looking to upgrade anyway. It seems like 3.4.x and beyond releases are talking about moving to Log4j2 or Logback (per https://issues.apache.org/jira/browse/HADOOP-12956 <https://issues.apache.org/jira/browse/HADOOP-12956> and https://issues.apache.org/jira/browse/HADOOP-16206 <https://issues.apache.org/jira/browse/HADOOP-16206>). It seems like 3.2.x and 3.3.x are talking about moving to Reload4j (per https://issues.apache.org/jira/browse/HADOOP-18088 <https://issues.apache.org/jira/browse/HADOOP-18088> and https://github.com/apache/hadoop/pull/3906 <https://github.com/apache/hadoop/pull/3906>). Two questions: - Does that sound accurate? That sounds about right. - Are there any plans to patch Reload4j back into 2.x releases as well? I think a bigger question is whether or not we have someone who would like to volunteer to be a release manager for the 2.10.2 release. The last 2.x release was over a year ago. Thank you for your time and help and all your hard work on this project! ~Brent
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
