[ https://issues.apache.org/jira/browse/KNOX-2717?focusedWorklogId=752762&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-752762 ]
ASF GitHub Bot logged work on KNOX-2717:
----------------------------------------

Author: ASF GitHub Bot
Created on: 05/Apr/22 11:23
Start Date: 05/Apr/22 11:23
Worklog Time Spent: 10m
Work Description:

pjfanning commented on PR #547:
URL: https://github.com/apache/knox/pull/547#issuecomment-1088584990

@smolnar82 I reverted the log4j change - I added it because the CI didn't kick off for my initial commit. I'm relying on the CI build to test the changes. I'm not a Knox user. I'm involved with the ASF Security team and am trying to get ASF projects to start looking at their transitive dependencies. The ASF get many requests from users and now even government agencies asking us why we don't have all the latest security fixes applied in our projects.

Issue Time Tracking
-------------------

Worklog Id: (was: 752762)
Time Spent: 40m (was: 0.5h)

> upgrade shiro due to security issue
> -----------------------------------
>
> Key: KNOX-2717
> URL: https://issues.apache.org/jira/browse/KNOX-2717
> Project: Apache Knox
> Issue Type: Bug
> Reporter: PJ Fanning
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> https://github.com/apache/knox/blob/master/pom.xml#L256
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41303

--
This message was sent by Atlassian Jira (v8.20.1#820001)