Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-3304

avro-tools Update log4j dependency for critical vulnerability

    XMLWordPrintableJSON

Details

    Description

      Our company security is having a fit because Nessus scans are triggering on the bundled log4j in the avro-tools.jar.  Please update the log4j dependencies to the latest versions to remove the critical vulnerability present in the currently bundled log4j.

      Attachments

        Activity

          People

            rskraba Ryan Skraba
            DannyBoy2k Daniel Nash
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h 20m
                2h 20m