[
https://issues.apache.org/jira/browse/OMID-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17955570#comment-17955570
]
Istvan Toth commented on OMID-313:
----------------------------------
It's a bit late, but the ticket description is not correct.
None of the listed CVEs are related to commons-logging.
Replacing commons-logging with org.slf4j:jcl-over-slf4j is good, as it will
result in the logs getting correctly processed by the selected logging backend,
but this is not a security issue.
> Remove commons-logging due to multiple affecting CVEs
> -----------------------------------------------------
>
> Key: OMID-313
> URL: https://issues.apache.org/jira/browse/OMID-313
> Project: Phoenix Omid
> Issue Type: Improvement
> Reporter: Norbert Mészáros
> Assignee: Norbert Mészáros
> Priority: Major
> Fix For: 1.1.4
>
>
> Remove commons-logging due to multiple affecting CVEs
> (CVE-2021-37533 CVE-2019-17571 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305
> CVE-2022-23307)