[
https://issues.apache.org/jira/browse/AVRO-3304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Nash updated AVRO-3304:
------------------------------
Description: Our company security is having a fit because Nessus scans are
triggering on the bundled log4j in the avro-tools.jar. Please update the log4j
dependencies to the latest versions to remove the critical vulnerability
present in the currently bundled log4j. (was: Our company security is having a
fit because Nessus scans are triggering on the bundled log4j (via SLF4J) in the
avro-tools.jar. Please update the log4j dependencies to the latest versions to
remove the critical vulnerability present in the currently bundled log4j.)
Summary: avro-tools Update log4j dependency for critical vulnerability
(was: avro-tools Update log4j (SLF4J) dependency for critical vulnerability)
> avro-tools Update log4j dependency for critical vulnerability
> -------------------------------------------------------------
>
> Key: AVRO-3304
> URL: https://issues.apache.org/jira/browse/AVRO-3304
> Project: Apache Avro
> Issue Type: Task
> Components: tools
> Affects Versions: 1.11.0
> Reporter: Daniel Nash
> Priority: Major
>
> Our company security is having a fit because Nessus scans are triggering on
> the bundled log4j in the avro-tools.jar. Please update the log4j
> dependencies to the latest versions to remove the critical vulnerability
> present in the currently bundled log4j.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
