Guilaume Kermorgant created FLINK-23315:
-------------------------------------------

             Summary: Bump log4j to 2.14.1 for version 1.13.2
                 Key: FLINK-23315
                 URL: https://issues.apache.org/jira/browse/FLINK-23315
             Project: Flink
          Issue Type: Improvement
            Reporter: Guilaume Kermorgant
             Fix For: 1.13.2


Flink 1.13 is currently [relying on log4j 2.12.1|https://github.com/apache/flink/blob/release-1.13/pom.xml#L110], which has a [low severity vulnerability|https://nvd.nist.gov/vuln/detail/CVE-2020-9488]. This is fixed in Log4j 2.13.1.

Flink 1.14 will be released with Log4j 2.14.1, cf. [FLINK-22407|https://issues.apache.org/jira/browse/FLINK-22407]

It would be nice for us to have it in Flink 1.13.2 as well, if the community thinks it's not a bad idea; this could also be a good opportunity for me to open a first PR in the Flink repo.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)