[STORM-3812] Storm release packages log4j v1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

log4j v1 is at it's EOL, but due to some implicit package references in maven, some tools/libs is still packaging log4j. All latest releases are all being impacted.

Packages impacted:

storm-autocreds
storm-kafka-monitor

It would be good to fix/release this together with log4j v2 recent CVEs, thus vulnerability scan will be clear for log4j vulnerability.

Attachments

Issue Links

relates to

STORM-3811 Upgrade log4j version to 2.17.1

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Liang Zhao

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Dec/21 10:06

Updated:: 25/Aug/23 11:02

Resolved:: 25/Aug/23 11:02

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m