iemejia commented on a change in pull request #13073:
URL: https://github.com/apache/beam/pull/13073#discussion_r627991542
##########
File path: sdks/java/io/hcatalog/build.gradle
##########
@@ -41,6 +41,17 @@ test {
ignoreFailures true
}
+configurations.testRuntimeClasspath {
+ resolutionStrategy {
+ def log4j_version = "2.4.1"
Review comment:
It is a pity we cannot move to the latest log4j version because of
Hive's HCatalog dependency constraints. The bad part is that this will still
trigger security analysis tools warnings, but I have no idea of how to
workaround this apart of doing a full upgrade of Hive to the latest but that
does not seem to be so simple either, for ref
[BEAM-9351](https://issues.apache.org/jira/browse/BEAM-9351).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
