[jira] [Updated] (IGNITE-16650) Exclude ignite-log4j, log4j 1.2.17

Thu, 03 Mar 2022 08:53:07 -0800 


     [ 
https://issues.apache.org/jira/browse/IGNITE-16650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergei Ryzhov updated IGNITE-16650:
-----------------------------------
    Labels: ise  (was: )

> Exclude ignite-log4j, log4j 1.2.17
> ----------------------------------
>
>                 Key: IGNITE-16650
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16650
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Sergei Ryzhov
>            Assignee: Sergei Ryzhov
>            Priority: Major
>              Labels: ise
>
> log4j 1.2.17 is not supported and contains critical vulnerabilities
> https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces
> I suggest excluding the ignite-log4j module from ignite
> Direct vulnerabilities:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to