-
Type:
Improvement
-
Status: Open
-
Priority:
P3
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: build-system, io-java-elasticsearch
-
Labels:None
Beam uses a version of log4j that is reported by some security tools to have some security issues. Notice that Beam's use of log4j should not be impacted by the issue.
See https://nvd.nist.gov/vuln/detail/CVE-2017-5645
The update in the vendored grpc module is to ensure it gets updated too in a future release of our vendored dependencies. Notice that this is a runtime dep for users so they are free to provide their own version so less of an issue.
- links to