David Handermann created NIFI-9283:
--------------------------------------
Summary: Upgrade Log4j 2 and exclude Log4j 1.2
Key: NIFI-9283
URL: https://issues.apache.org/jira/browse/NIFI-9283
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions, MiNiFi, NiFi Registry
Reporter: David Handermann
Assignee: David Handermann
A small number of NiFi components include transitive dependencies on Log4j 1.2
that should be excluded to avoid runtime conflicts with Logback.
Several extension modules include transitive dependencies on older versions
Log4j 2, which have associated vulnerabilities with custom socket-based
appender configurations.
Framework and extension modules should exclude all references to Log4j 1.2, and
transitive dependencies on Log4j 2 should be upgraded to the latest version
2.14.1.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
