[BEAM-12422] Vendored gRPC 1.36.0 is using a log4j version with security issues - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: P1
Resolution: Fixed
Affects Version/s: 2.30.0
Fix Version/s: 2.32.0
Component/s: build-system
Labels:
None

Description

Automatic security scanners report this vulnerability https://nvd.nist.gov/vuln/detail/CVE-2017-5645

This is defined during vendoring here https://github.com/apache/beam/blob/3c9807bfb4e00a8f8564b4688e01ad5c8c2189d2/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy#L71

Attachments

Issue Links

links to

GitHub Pull Request #15098

GitHub Pull Request #15103

GitHub Pull Request #15113

Activity

People

Assignee:: Tomo Suzuki

Reporter:: Ismaël Mejía

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 28/May/21 13:07

Updated:: 10/Sep/21 20:33

Resolved:: 14/Jul/21 03:01

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

13h 20m