[
https://issues.apache.org/jira/browse/HBASE-28532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838230#comment-17838230
]
guluo commented on HBASE-28532:
-------------------------------
I rechecked this code and found that HBASE-28531 and this issue are not the
same issue.
HBASE-28531 is raised regarding this hbase-hbck2 module, which has already used
log4j-slf4j-impl.
It's just that HBASE-28531 occurred because the version of log4j-slf4j-impl
lower than 2.17.2.
> remove vulnerable slf4j-log4j12 dependency
> ------------------------------------------
>
> Key: HBASE-28532
> URL: https://issues.apache.org/jira/browse/HBASE-28532
> Project: HBase
> Issue Type: Improvement
> Components: hbase-operator-tools
> Reporter: Nikita Pande
> Priority: Major
>
> slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.
> Since log4j 1.x is vulnerable , so this needs to be removed.
>
> It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge
> from SLF4J to Log4j 2.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
