[
https://issues.apache.org/jira/browse/BEAM-11055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287225#comment-17287225
]
Beam JIRA Bot commented on BEAM-11055:
--------------------------------------
This issue is P2 but has been unassigned without any comment for 60 days so it
has been labeled "stale-P2". If this issue is still affecting you, we care!
Please comment and remove the label. Otherwise, in 14 days the issue will be
moved to P3.
Please see https://beam.apache.org/contribute/jira-priorities/ for a detailed
explanation of what these priorities mean.
> Update log4j to version 2.14.0
> ------------------------------
>
> Key: BEAM-11055
> URL: https://issues.apache.org/jira/browse/BEAM-11055
> Project: Beam
> Issue Type: Improvement
> Components: build-system, io-java-elasticsearch
> Reporter: Ismaël Mejía
> Priority: P2
> Labels: stale-P2
> Time Spent: 6h 10m
> Remaining Estimate: 0h
>
> Beam uses a version of log4j that is reported by some security tools to have
> some security issues. Notice that Beam's use of log4j should not be impacted
> by the issue.
> See [https://nvd.nist.gov/vuln/detail/CVE-2017-5645]
> The update in the vendored grpc module is to ensure it gets updated too in a
> future release of our vendored dependencies. Notice that this is a runtime
> dep for users so they are free to provide their own version so less of an
> issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
