[jira] [Updated] (PHOENIX-7169) Phoenix-connectors should not depend on log4j:log4j

Nihal Jain (Jira) Sat, 06 Jan 2024 09:05:29 -0800


     [ 
https://issues.apache.org/jira/browse/PHOENIX-7169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain updated PHOENIX-7169:
--------------------------------
    Labels: security  (was: )

> Phoenix-connectors should not depend on log4j:log4j
> ---------------------------------------------------
>
>                 Key: PHOENIX-7169
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-7169
>             Project: Phoenix
>          Issue Type: Improvement
>          Components: connectors, hive-connector, spark-connector
>            Reporter: Nihal Jain
>            Assignee: Nihal Jain
>            Priority: Major
>              Labels: security
>
> Apache phoenix-connectors has log4j:log4j in its dependency list which is 
> vulnerable: [https://security.snyk.io/package/maven/log4j:log4j/1.2.17]
> In my org, this dependency is not even allowed to be downloaded and hence I 
> can't even build the code in it's current state.
> With this ticket I plan to completely remove it from the project.
> CC: [~stoty] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (PHOENIX-7169) Phoenix-connectors should not depend on log4j:log4j

Reply via email to