[
https://issues.apache.org/jira/browse/RANGER-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477972#comment-17477972
]
alain pellegrino commented on RANGER-3557:
------------------------------------------
Versions 2.3.0 and 3.0.0 are still in snapshot. So is it ok if I use the
version 2.2 and modify the pom.xml like that :
<log4j.core.version>2.17.1</log4j.core.version>
> Upgrade to use log4j 2.17.0+ version to ensure that we are using supported
> version of log4j
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-3557
> URL: https://issues.apache.org/jira/browse/RANGER-3557
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0, 2.3.0
> Reporter: Pradeep Agrawal
> Assignee: Pradeep Agrawal
> Priority: Blocker
> Fix For: 3.0.0, 2.3.0
>
> Attachments:
> 0001-RANGER-3557-Upgrade-to-use-log4j-2.17.0-version-to-e.patch
>
>
> Upgrade to use log4j 2.17.0+ version to ensure that we are using supported
> version of log4j. This is related to CVE-2021-45105.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
