FrankChen021 commented on issue #12425: URL: https://github.com/apache/druid/issues/12425#issuecomment-1101216500
The log4j v1 used by these two libs is introduced by #11794. And they're used for test profile only. So I think it does not cause any security problems. I don't know if it's possible to remove it or upgrade it to log4j2. What do you think ? @cryptoe -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
