[
https://issues.apache.org/jira/browse/NUTCH-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458795#comment-17458795
]
ASF GitHub Bot commented on NUTCH-2915:
---------------------------------------
sebastian-nagel commented on pull request #713:
URL: https://github.com/apache/nutch/pull/713#issuecomment-993004420
Hi @lewismc,
> I’m happy to perform the release unless you want to go ahead with it.
I'd opt to spend 2 days for looking through the open PRs to review and
commit at least some of them (eg. #703). Also there are two issues (NUTCH-2916
and NUTCH-2917) relate to the log4j 2 upgrade and might need a closer look.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> Upgrade to log4j 2.15.0
> -----------------------
>
> Key: NUTCH-2915
> URL: https://issues.apache.org/jira/browse/NUTCH-2915
> Project: Nutch
> Issue Type: Bug
> Components: logging
> Affects Versions: 1.19
> Reporter: Sebastian Nagel
> Assignee: Sebastian Nagel
> Priority: Critical
> Fix For: 1.19
>
>
> See [Apache Log4j Security
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html].
> Notes:
> - the released 1.18 is not directly affected because it uses log4j 1.x which
> is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was
> done recently by NUTCH-2885.
> - the plugin indexer-elastic includes a transitive dependency to
> log4j-api-2.11.1 which is not affected - only log4j-core is according to
> [comments by slf4j|http://www.slf4j.org/log4shell.html].
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
