Details
- Improvement
- Status: Resolved
- Minor
- Resolution: Fixed
- None
Description
A small number of NiFi components include transitive dependencies on Log4j 1.2 that should be excluded to avoid runtime conflicts with Logback.
Several extension modules include transitive dependencies on older versions of Log4j 2, which have associated vulnerabilities with custom socket-based appender configurations.
Framework and extension modules should exclude all references to Log4j 1.2, and transitive dependencies on Log4j 2 should be upgraded to the latest version 2.14.1.
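One way to check a module against the two rules in the description, as an added example that is not part of the issue or the NiFi code base: it reads `mvn dependency:tree` output and reports Log4j 1.2 artifacts to exclude and Log4j 2 artifacts below 2.14.1 to upgrade. The sample tree and the `org.example` module names are constructed for illustration.

```python
import re

MIN_LOG4J2 = (2, 14, 1)  # target version named in the issue description

# Constructed sample of `mvn dependency:tree` output (org.example names are hypothetical).
SAMPLE_TREE = """\
[INFO] org.example:example-processors:jar:1.0.0
[INFO] +- org.example:example-client:jar:3.2.0:compile
[INFO] |  \\- log4j:log4j:jar:1.2.17:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.13.3:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \\- ch.qos.logback:logback-classic:jar:1.2.3:compile
"""


def parse_coordinate(line):
    """Return (group, artifact, version) from one dependency:tree line, or None."""
    match = re.search(r"[\w.\-]+(?::[\w.\-]+){3,5}", line)
    if not match:
        return None
    parts = match.group(0).split(":")
    # Layout: group:artifact:type[:classifier]:version[:scope]
    version = parts[4] if len(parts) == 6 else parts[3]
    return parts[0], parts[1], version


def version_tuple(version):
    """Numeric part of a version string, e.g. '2.0-beta9' -> (2, 0)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def audit(tree_text):
    """List (coordinate, action) pairs for Log4j artifacts that break the rules."""
    findings = []
    for line in tree_text.splitlines():
        coord = parse_coordinate(line)
        if coord is None:
            continue
        group, artifact, version = coord
        gav = f"{group}:{artifact}:{version}"
        if group == "log4j" and artifact == "log4j":
            findings.append((gav, "exclude"))  # Log4j 1.2 conflicts with Logback
        elif group == "org.apache.logging.log4j" and version_tuple(version) < MIN_LOG4J2:
            findings.append((gav, "upgrade"))  # older Log4j 2 release
    return findings


if __name__ == "__main__":
    for gav, action in audit(SAMPLE_TREE):
        print(f"{action}: {gav}")
```
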