[
https://issues.apache.org/jira/browse/NIFI-9283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-9283:
-----------------------------------
Status: Patch Available (was: Open)
> Upgrade Log4j 2 and exclude Log4j 1.2
> -------------------------------------
>
> Key: NIFI-9283
> URL: https://issues.apache.org/jira/browse/NIFI-9283
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions, MiNiFi, NiFi Registry
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: dependency-upgrade
> Time Spent: 10m
> Remaining Estimate: 0h
>
> A small number of NiFi components include transitive dependencies on Log4j
> 1.2 that should be excluded to avoid runtime conflicts with Logback.
> Several extension modules include transitive dependencies on older versions
> Log4j 2, which have associated vulnerabilities with custom socket-based
> appender configurations.
> Framework and extension modules should exclude all references to Log4j 1.2,
> and transitive dependencies on Log4j 2 should be upgraded to the latest
> version 2.14.1.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
