Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-3304

avro-tools Update log4j dependency for critical vulnerability

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Our company security is having a fit because Nessus scans are triggering on the bundled log4j in the avro-tools.jar.  Please update the log4j dependencies to the latest versions to remove the critical vulnerability present in the currently bundled log4j.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rskraba Ryan Skraba
            DannyBoy2k Daniel Nash
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h 20m
                2h 20m

                Slack

                  Issue deployment