[
https://issues.apache.org/jira/browse/BEAM-13481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kyle Weaver updated BEAM-13481:
-------------------------------
Fix Version/s: 2.36.0
Assignee: Daniel Collins (was: Kyle Weaver)
Resolution: Fixed
Status: Resolved (was: Open)
We've upgraded to Gradle 7 and shadow 7.1.1.
https://github.com/apache/beam/pull/16319
> Upgrade shadow plugin (log4j)
> -----------------------------
>
> Key: BEAM-13481
> URL: https://issues.apache.org/jira/browse/BEAM-13481
> Project: Beam
> Issue Type: Improvement
> Components: build-system
> Reporter: Kyle Weaver
> Assignee: Daniel Collins
> Priority: P2
> Fix For: 2.36.0
>
>
> Beam's current version of the shadow plugin (6.1.0) is dependent on a
> vulnerable version of log4j. The shadow plugin is run at compile time only,
> and is never bundled in any Beam applications, but the log4j dependency may
> still be problematic since some organizations may have blocked it.
> The shadow plugin has already made a new release, but it will require us to
> upgrade to Gradle 7 (BEAM-13430):
> https://github.com/johnrengelman/shadow/releases/tag/7.1.1
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
