Akanksha kedia created BIGTOP-4011:
--------------------------------------
Summary: CVE-2022-23307: Apache Log4j security vulnerabilities
Key: BIGTOP-4011
URL: https://issues.apache.org/jira/browse/BIGTOP-4011
Project: Bigtop
Issue Type: Bug
Reporter: Akanksha kedia
Fix For: 3.3.0
h2. Apache Log4j
The version of Log4j you're using (1.2.14) is quite old and may have known
security vulnerabilities. The most recent version of Log4j 1.x is 1.2.17, but
even this version is outdated and no longer maintained.
It is strongly recommended to upgrade to Log4j 2.x, which has superior
performance, better support, and more features. Also, it's actively maintained
and has better handling of vulnerabilities.
To upgrade to Log4j 2.x, you would need to replace your existing Log4j 1.x
dependency with the Log4j 2.x dependency in your Maven pom.xml file.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
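
Before swapping the dependency as the issue above describes, it helps to find every place a `pom.xml` still declares Log4j 1.x. The following is an added example, not part of the original Jira message or the Bigtop code base: it lists `log4j:log4j` dependencies and resolves `${property}` versions defined in the same file. The sample POM is constructed, and the function names `find_log4j1` and `_local` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample pom.xml, not taken from the Bigtop repository.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <properties>
    <log4j.version>1.2.14</log4j.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
    </dependency>
  </dependencies>
</project>"""


def _local(tag):
    """Strip the Maven XML namespace: '{ns}groupId' -> 'groupId'."""
    return tag.rsplit("}", 1)[-1]


def find_log4j1(pom_text):
    """Return the declared version of every log4j:log4j (1.x) dependency."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
    hits = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        # Log4j 1.x is published as log4j:log4j; 2.x uses org.apache.logging.log4j.
        if (fields.get("groupId"), fields.get("artifactId")) == ("log4j", "log4j"):
            ver = fields.get("version", "")
            if ver.startswith("${") and ver.endswith("}"):
                ver = props.get(ver[2:-1], ver)  # resolve ${property} if defined here
            hits.append(ver or "(version managed elsewhere)")
    return hits
```

This only inspects direct declarations in one file; Log4j 1.x pulled in transitively by another dependency will not appear, so Maven's resolved dependency tree should be checked as well.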