[jira] [Updated] (IGNITE-16626) Change the default logger to ignite-log4j2

Tue, 01 Mar 2022 09:38:06 -0800 


     [ 
https://issues.apache.org/jira/browse/IGNITE-16626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergei Ryzhov updated IGNITE-16626:
-----------------------------------
    Description: 
Change the default logger to ignite-log4j2.
Mark ignite-log4j deprecated

log4j 1.2.17 is not supported and contains critical vulnerabilities

Direct vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

  was:
log4j 1.2.17 is not supported and contains critical vulnerabilities
I suggest excluding log4j 1.2.17 and module ignite-log4j from ignite.

Direct vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571


> Change the default logger to ignite-log4j2
> ------------------------------------------
>
>                 Key: IGNITE-16626
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16626
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Sergei Ryzhov
>            Assignee: Sergei Ryzhov
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Change the default logger to ignite-log4j2.
> Mark ignite-log4j deprecated
> log4j 1.2.17 is not supported and contains critical vulnerabilities
> Direct vulnerabilities:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to