Uploaded image for project: 'Apache Tez'
  1. Apache Tez
  2. TEZ-4403

Upgrade SLF4J version to 1.7.36

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.9.3, 0.10.2
    • None
    • None

    Description

      Currently we are on slf4j 1.7.30 https://github.com/apache/tez/blob/master/pom.xml#L65. As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are four CVE's against this version.
      1. CVE-2022-23305
      2. CVE-2022-23302
      3. CVE-2021-4104
      4. CVE-2019-17571

      Upgrading to 1.7.36 https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.36 should solve the security concerns.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #198

          Activity

            People

              srahman Syed Shameerur Rahman
              srahman Syed Shameerur Rahman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1.5h
                  1.5h