Andrew created IGNITE-13601:
-------------------------------

             Summary: Ignite-rest-http and ignite-kubernetes include vulnerable dependencies
                 Key: IGNITE-13601
                 URL: https://issues.apache.org/jira/browse/IGNITE-13601
             Project: Ignite
          Issue Type: Bug
          Components: rest
    Affects Versions: 2.9, 2.8.1
            Reporter: Andrew


The ignite-rest-http module includes a [vulnerable 
version|https://nvd.nist.gov/vuln/detail/CVE-2019-17571] of the log4j library. 
It also appears to include slf4j. Why does the REST API include its own logging 
libraries?

This was spotted in 2.8.1 but still appears to be an issue in master and 2.9.

More here:

http://apache-ignite-users.70518.x6.nabble.com/critical-security-vulnerability-for-opt-ignite-apache-ignite-libs-optional-ignite-rest-http-log4j-1-r-td34031.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
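
A check for the condition reported above, as an added example that is not part of the Jira issue or of the Ignite project: it walks a directory of jars and lists those that ship the Log4j 1.2 `SocketServer` class, which is the class the linked CVE-2019-17571 entry concerns. The function names and the directory passed on the command line are assumptions.

```python
import sys
import zipfile
from pathlib import Path

# Class the CVE-2019-17571 entry concerns (Log4j 1.2 SocketServer).
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"


def manifest_version(jar):
    """Return Implementation-Version from the jar manifest, or 'unknown'."""
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return "unknown"
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "implementation-version":
            return value.strip()
    return "unknown"


def scan_libs(root):
    """Return (relative jar path, version) pairs for jars that ship
    SocketServer; archives that cannot be opened are listed as 'unreadable'."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.jar")):
        rel = path.relative_to(root).as_posix()
        try:
            with zipfile.ZipFile(path) as jar:
                if SOCKET_SERVER in jar.namelist():
                    hits.append((rel, manifest_version(jar)))
        except (zipfile.BadZipFile, OSError):
            # Report corrupt archives instead of skipping them silently.
            hits.append((rel, "unreadable"))
    return hits


if __name__ == "__main__":
    # Assumed usage: pass the libs directory of the installation to check.
    found = scan_libs(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, version in found:
        print(f"{rel}\tships log4j 1.x SocketServer, version={version}")
    sys.exit(1 if found else 0)
```

A hit only shows that the jar contains the class; confirm the artifact and its version before deciding on a replacement or exclusion.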
