[jira] [Comment Edited] (HBASE-28532) remove vulnerable slf4j-log4j12 dependency

guluo (Jira) Wed, 17 Apr 2024 07:40:55 -0700


    [ 
https://issues.apache.org/jira/browse/HBASE-28532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838212#comment-17838212
 ]


guluo edited comment on HBASE-28532 at 4/17/24 2:39 PM:
--------------------------------------------------------

-HBASE-28531 can be part of this issue.-


was (Author: guluo):
HBASE-28531 can be part of this issue.

> remove vulnerable slf4j-log4j12 dependency
> ------------------------------------------
>
>                 Key: HBASE-28532
>                 URL: https://issues.apache.org/jira/browse/HBASE-28532
>             Project: HBase
>          Issue Type: Improvement
>          Components: hbase-operator-tools
>            Reporter: Nikita Pande
>            Priority: Major
>
> slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.
> Since log4j 1.x is vulnerable , so this needs to be removed.
>  
> It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge 
> from SLF4J to Log4j 2.x.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (HBASE-28532) remove vulnerable slf4j-log4j12 dependency

Reply via email to