  1. Beam
  2. BEAM-11055

Update log4j to version 2.14.1

    Details

    • Type: Improvement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Beam uses a version of log4j that is reported by some security tools to have some security issues. Notice that Beam's use of log4j should not be impacted by the issue.
      See https://nvd.nist.gov/vuln/detail/CVE-2017-5645

      The update in the vendored grpc module is to ensure it gets updated too in a future release of our vendored dependencies. Notice that this is a runtime dep for users, so they are free to provide their own version, so it is less of an issue.

              People

              • Assignee:
                Unassigned
                Reporter:
                iemejia Ismaël Mejía
              • Votes:
                0
                Watchers:
                3

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  Logged:
                  Time Spent - 6h 10m