[BEAM-13481] Upgrade shadow plugin (log4j) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: P2
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.36.0
Component/s: build-system
Labels:
None

Description

Beam's current version of the shadow plugin (6.1.0) is dependent on a vulnerable version of log4j. The shadow plugin is run at compile time only, and is never bundled in any Beam applications, but the log4j dependency may still be problematic since some organizations may have blocked it.

The shadow plugin has already made a new release, but it will require us to upgrade to Gradle 7 (~~BEAM-13430~~): https://github.com/johnrengelman/shadow/releases/tag/7.1.1

Attachments

Activity

People

Assignee:: Daniel Collins

Reporter:: Kyle Weaver

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Dec/21 23:40

Updated:: 04/Jan/22 19:01

Resolved:: 04/Jan/22 19:01