[jira] [Resolved] (HBASE-28532) Remove vulnerable dependencies: slf4j-log4j12 and log4j:log4j

Nihal Jain (Jira) Tue, 13 Aug 2024 07:19:11 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-28532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain resolved HBASE-28532.
--------------------------------
    Fix Version/s: hbase-operator-tools-1.3.0
     Hadoop Flags: Reviewed
       Resolution: Fixed

Thanks [~nikitapande] for the PR. Merged to codebase!

> Remove vulnerable dependencies: slf4j-log4j12 and log4j:log4j
> -------------------------------------------------------------
>
>                 Key: HBASE-28532
>                 URL: https://issues.apache.org/jira/browse/HBASE-28532
>             Project: HBase
>          Issue Type: Improvement
>          Components: hbase-operator-tools
>            Reporter: Nikita Pande
>            Assignee: Nikita Pande
>            Priority: Major
>             Fix For: hbase-operator-tools-1.3.0
>
>
> slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.
> Since log4j 1.x is vulnerable , so this needs to be removed.
>  
> It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge 
> from SLF4J to Log4j 2.x.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (HBASE-28532) Remove vulnerable dependencies: slf4j-log4j12 and log4j:log4j

Reply via email to