[NIFI-9283] Upgrade Log4j 2 and exclude Log4j 1.2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15.0
Component/s: Core Framework, Extensions, MiNiFi, NiFi Registry
Labels:
- dependency-upgrade

Description

A small number of NiFi components include transitive dependencies on Log4j 1.2 that should be excluded to avoid runtime conflicts with Logback.

Several extension modules include transitive dependencies on older versions Log4j 2, which have associated vulnerabilities with custom socket-based appender configurations.

Framework and extension modules should exclude all references to Log4j 1.2, and transitive dependencies on Log4j 2 should be upgraded to the latest version 2.14.1.

Attachments

Issue Links

links to

GitHub Pull Request #5440

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Oct/21 16:30

Updated:: 06/Oct/21 15:19

Resolved:: 06/Oct/21 15:19

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m