client-java icon indicating copy to clipboard operation
client-java copied to clipboard
verified publisher icon tikv

update log4j to 2.15

Open zz-jason opened this issue 4 years ago • 1 comments

Is your feature request related to a problem? Please describe.

currently, client-java depends on log4j 1.2.17, although it isn't affected by CVE-2021-44228, it has the following problems:

  1. it's affected by CVE-2019-17571
  2. it doesn't support Lambda expression to lazily evaluate the parameters, which impact the service performance

Describe the solution you'd like

Upgrade log4j to 2.15, refactor heavy string conversions to Lamdba expression in performance-critical pathes

Describe alternatives you've considered

N/A

Additional context

N/A

zz-jason avatar Dec 13 '21 03:12 zz-jason

This issue is stale because it has been open 30 days with no activity.

github-actions[bot] avatar Feb 27 '22 00:02 github-actions[bot]