[jira] [Updated] (MNG-7366) Maven downloading log4j version not specified in POM when building the Project.

Tharanadha K (Jira) Sun, 09 Jan 2022 21:49:05 -0800


     [ 
https://issues.apache.org/jira/browse/MNG-7366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tharanadha K updated MNG-7366:
------------------------------
    Attachment: image-2022-01-10-11-18-51-317.png

> Maven downloading log4j version not specified in POM when building the 
> Project.
> -------------------------------------------------------------------------------
>
>                 Key: MNG-7366
>                 URL: https://issues.apache.org/jira/browse/MNG-7366
>             Project: Maven
>          Issue Type: Bug
>          Components: Artifacts and Repositories, Dependencies
>    Affects Versions: 3.8.4
>            Reporter: Srinivasan L
>            Priority: Critical
>         Attachments: image-2022-01-10-11-18-51-317.png, maven log4j issue.png
>
>
> Maven downloading log4j version not specified in POM when building the 
> Project.
> In POM i have updated my log4j to log4j core 2.16.0 to fix the Log4j 
> Vulnerability with Older version. But even after changing the Version Maven 
> is downloading 1.2.12 and 1.2.17 version of Log4j when running the build.
> I'm not seeing these version even in the dependency tree of my Project. 
> Please help to fix this issue as its a Critical Security Issue.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (MNG-7366) Maven downloading log4j version not specified in POM when building the Project.

Reply via email to