Nihal Jain created PHOENIX-7169:
-----------------------------------
Summary: Phoenix-connector should not depend on log4j:log4j
Key: PHOENIX-7169
URL: https://issues.apache.org/jira/browse/PHOENIX-7169
Project: Phoenix
Issue Type: Improvement
Reporter: Nihal Jain
Assignee: Nihal Jain
Apache phoenix-connectors has log4j:log4j in its dependency list which is
vulnerable: [https://security.snyk.io/package/maven/log4j:log4j/1.2.17]
In my org, this dependency is not even allowed to be downloaded and hence I
can't even build the code in it's current state.
With this ticket I plan to completely remove it from the project.
CC: [~stoty]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
