OlgaGorlova commented on issue #26403: URL: https://github.com/apache/beam/issues/26403#issuecomment-1534207144
Hi @Abacn, thank you for looking into this. You're right, I also don't think it will resolve the issue with security scans. However, our security scan is finding the reference to log4j under beam-vendor-calcite-1_28_0-0.2.jar/META-INF/maven/log4j/* . Looks like the package is built as a fat jar. Is there a reason for that? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
