Re: [PR] HBASE-28532 remove vulnerable slf4j-log4j12 dependency [hbase-operator-tools]

via GitHub Thu, 08 Aug 2024 04:45:06 -0700


NihalJain commented on code in PR #142:
URL: 
https://github.com/apache/hbase-operator-tools/pull/142#discussion_r1709302683



##########
hbase-table-reporter/pom.xml:
##########
@@ -36,17 +36,23 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>1.7.25</version>
+      <version>${slf4j.version}</version>
     </dependency>
     <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
-      <version>1.7.25</version>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-slf4j-impl</artifactId>
+      <version>${log4j2.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-client</artifactId>
       <version>2.1.1</version>

Review Comment:
   Technically this dependecny should be not even needed post 
https://github.com/apache/hbase-operator-tools/pull/144 as I think log4j 1 
would have been leaked via hbase 2.1.1. @nikita15p  could you please check and 
update



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] HBASE-28532 remove vulnerable slf4j-log4j12 dependency [hbase-operator-tools]

Reply via email to