[
https://issues.apache.org/jira/browse/HBASE-28532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838212#comment-17838212
]
guluo commented on HBASE-28532:
-------------------------------
HBASE-28531 can be part of this issue.
> remove vulnerable slf4j-log4j12 dependency
> ------------------------------------------
>
> Key: HBASE-28532
> URL: https://issues.apache.org/jira/browse/HBASE-28532
> Project: HBase
> Issue Type: Improvement
> Components: hbase-operator-tools
> Reporter: Nikita Pande
> Priority: Major
>
> slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.
> Since log4j 1.x is vulnerable , so this needs to be removed.
>
> It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge
> from SLF4J to Log4j 2.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
