Ismaël Mejía created BEAM-11055:
-----------------------------------
Summary: Update log4j to version 2.13.3
Key: BEAM-11055
URL: https://issues.apache.org/jira/browse/BEAM-11055
Project: Beam
Issue Type: Improvement
Components: build-system, io-java-elasticsearch
Reporter: Ismaël Mejía
Assignee: Ismaël Mejía
Beam uses a version of log4j that is reported by some security tools to have
some security issues. Notice that Beam's use of log4j should not be impacted by
the issue.
See [https://nvd.nist.gov/vuln/detail/CVE-2017-5645]
The update in the vendored grpc module is to ensure it gets updated too in a
future release of our vendored dependencies. Notice that this is a runtime dep
for users so they are free to provide their own version so less of an issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
