update log4j to 2.15 #396
Description
Is your feature request related to a problem? Please describe.
currently, client-java depends on log4j 1.2.17, although it isn't affected by CVE-2021-44228, it has the following problems:
- it's affected by CVE-2019-17571
- it doesn't support Lambda expression to lazily evaluate the parameters, which impact the service performance
Describe the solution you'd like
Upgrade log4j to 2.15, refactor heavy string conversions to Lamdba expression in performance-critical pathes
Describe alternatives you've considered
N/A
Additional context
N/A
Metadata
Metadata
Assignees
Labels
No labels