[jira] [Created] (IGNITE-16626) Exclude ignite-log4j, log4j 1.2.17

Sergei Ryzhov (Jira) Thu, 24 Feb 2022 10:48:07 -0800

Sergei Ryzhov created IGNITE-16626:
--------------------------------------

             Summary: Exclude ignite-log4j, log4j 1.2.17
                 Key: IGNITE-16626
                 URL: https://issues.apache.org/jira/browse/IGNITE-16626
             Project: Ignite
          Issue Type: Bug
            Reporter: Sergei Ryzhov
            Assignee: Sergei Ryzhov



log4j 1.2.17 is not supported and contains critical vulnerabilities
I suggest excluding log4j 1.2.17 and module ignite-log4j from ignite.

Direct vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (IGNITE-16626) Exclude ignite-log4j, log4j 1.2.17

Reply via email to