[ https://issues.apache.org/jira/browse/NIFI-9283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17425039#comment-17425039 ]
ASF subversion and git services commented on NIFI-9283:
-------------------------------------------------------
Commit 4bcd03024a419afdf40d464bda716f0b9d21925b in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4bcd030 ]
NIFI-9283 Excluded Log4j 1.2 and upgraded Log4j2 to 2.14.1
Signed-off-by: Joe Gresock <[email protected]>
This closes #5440.
> Upgrade Log4j 2 and exclude Log4j 1.2
> -------------------------------------
>
> Key: NIFI-9283
> URL: https://issues.apache.org/jira/browse/NIFI-9283
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions, MiNiFi, NiFi Registry
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: dependency-upgrade
> Time Spent: 10m
> Remaining Estimate: 0h
>
> A small number of NiFi components include transitive dependencies on Log4j
> 1.2 that should be excluded to avoid runtime conflicts with Logback.
> Several extension modules include transitive dependencies on older versions
> of Log4j 2, which have associated vulnerabilities with custom socket-based
> appender configurations.
> Framework and extension modules should exclude all references to Log4j 1.2,
> and transitive dependencies on Log4j 2 should be upgraded to the latest
> version 2.14.1.
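An added example, not part of the NiFi commit or the Jira issue: a Python check that scans `mvn dependency:tree` text output for the two conditions the issue describes, any Log4j 1.2 artifact and any Log4j 2 artifact older than 2.14.1. The sample tree, the `org.example` artifacts and the function names are constructed for illustration; only the 2.14.1 target comes from the issue.

```python
import re

# Target version taken from the issue text; all other names are assumptions.
LOG4J2_MINIMUM = (2, 14, 1)
LOG4J2_GROUP = "org.apache.logging.log4j"

# Coordinate at the end of a dependency:tree line:
# group:artifact:type[:classifier]:version[:scope]
COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})\s*$")

# Constructed sample output, not taken from a real NiFi build.
SAMPLE_TREE = r"""
[INFO] org.example:sample-extension:jar:1.0.0
[INFO] +- org.example:legacy-client:jar:3.2.0:compile
[INFO] |  +- log4j:log4j:jar:1.2.17:compile
[INFO] |  \- org.apache.logging.log4j:log4j-core:jar:2.11.1:compile
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
"""


def parse_version(text):
    """Turn '2.11.1' or '2.0-beta9' into a tuple of its leading integers."""
    numbers = []
    for part in re.split(r"[.\-]", text):
        if not part.isdigit():
            break  # stop at qualifiers such as 'beta9'
        numbers.append(int(part))
    return tuple(numbers + [0] * (3 - len(numbers)))


def audit_dependency_tree(tree_text):
    """Return (artifact, version, action) for each Log4j dependency to fix."""
    findings = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        fields = match.group(1).split(":")
        group, artifact = fields[0], fields[1]
        # Six fields means a classifier sits between type and version.
        version = fields[4] if len(fields) == 6 else fields[3]
        if group == "log4j" and artifact == "log4j":
            findings.append((f"{group}:{artifact}", version, "exclude Log4j 1.2"))
        elif group == LOG4J2_GROUP and parse_version(version) < LOG4J2_MINIMUM:
            findings.append((f"{group}:{artifact}", version, "upgrade to 2.14.1"))
    return findings


if __name__ == "__main__":
    for finding in audit_dependency_tree(SAMPLE_TREE):
        print(finding)
```
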