[ https://issues.apache.org/jira/browse/ARTEMIS-3839?focusedWorklogId=771367&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-771367 ]
ASF GitHub Bot logged work on ARTEMIS-3839:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 17/May/22 14:02
Start Date: 17/May/22 14:02
Worklog Time Spent: 10m
Work Description: enkeys opened a new pull request, #4084:
URL: https://github.com/apache/activemq-artemis/pull/4084
Upgrade jboss-logging 3.4.3.Final dependency due to false-positive
vulnerability reports
Minor upgrade for jboss-logging from 3.4.3 to 3.5.0
Patch upgrade for jboss-logging-annotations from 2.2.0.Final to 2.2.1.Final
Patch upgrade for jboss-logging-processor from 2.2.0.Final to 2.2.1.Final
Issue Time Tracking
-------------------
Worklog Id: (was: 771367)
Remaining Estimate: 0h (was: 10m)
Time Spent: 10m
> Upgrade jboss-logging 3.4.3.Final dependency due to false-positive
> vulnerability reports
> -----------------------------------------------------------------------------------------
>
> Key: ARTEMIS-3839
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3839
> Project: ActiveMQ Artemis
> Issue Type: Dependency upgrade
> Components: Broker
> Affects Versions: 2.22.0
> Reporter: Dominik Lenoch
> Priority: Minor
> Original Estimate: 10m
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Upgrade org.jboss.logging:jboss-logging due to dependency on an old version of
> log4j with known vulnerabilities. These vulnerabilities do not apply to
> jboss-logging; log4j is only used there for facades, but the scan reports
> false-positive vulnerabilities due to this.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)