Description
Currently we are on slf4j 1.7.30 https://github.com/apache/tez/blob/master/pom.xml#L65. As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are four CVE's against this version.
1. CVE-2022-23305
2. CVE-2022-23302
3. CVE-2021-4104
4. CVE-2019-17571
Upgrading to 1.7.36 https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.36 should solve the security concerns.
Attachments
Issue Links
- links to