[jira] [Commented] (NIFI-9474) Upgrade Log4j to 2.15.0

Mon, 13 Dec 2021 10:06:12 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-9474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458591#comment-17458591
 ] 

ASF subversion and git services commented on NIFI-9474:
-------------------------------------------------------

Commit 29fbf22a4a87ba7f565492526621dd6548263fd5 in nifi's branch 
refs/heads/support/nifi-1.15 from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=29fbf22 ]

NIFI-9474 - Upgrade additional Log4j references to 2.15.0

This closes #5595

Signed-off-by: David Handermann <[email protected]>


> Upgrade Log4j to 2.15.0
> -----------------------
>
>                 Key: NIFI-9474
>                 URL: https://issues.apache.org/jira/browse/NIFI-9474
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Pierre Villard
>            Assignee: Bryan Bende
>            Priority: Major
>              Labels: security
>             Fix For: 1.16.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Following NIFI-9283, upgrade Log4j to 2.15.0 wherever possible.
> This is in light of the recent announcement for 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
> We do not believe we use log4j 2 in any way that exposes the vulnerability 
> but we'll update beyond the version anyway.  We still need to fix the 
> following so I reopened the JIRA
> ./nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-nar/target/classes/META-INF/bundled-dependencies/log4j-api-2.13.3.jar
> ./nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-nar/target/classes/META-INF/bundled-dependencies/log4j-core-2.13.3.jar
> ./nifi-registry/nifi-registry-core/nifi-registry-web-api/target/nifi-registry-web-api-1.16.0-SNAPSHOT/WEB-INF/lib/log4j-to-slf4j-2.14.1.jar
> ./nifi-registry/nifi-registry-core/nifi-registry-web-api/target/nifi-registry-web-api-1.16.0-SNAPSHOT/WEB-INF/lib/log4j-api-2.14.1.jar
> ./nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/target/nifi-registry-toolkit-1.16.0-SNAPSHOT-bin/nifi-registry-toolkit-1.16.0-SNAPSHOT/lib/log4j-to-slf4j-2.14.1.jar
> ./nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/target/nifi-registry-toolkit-1.16.0-SNAPSHOT-bin/nifi-registry-toolkit-1.16.0-SNAPSHOT/lib/log4j-api-2.14.1.jar



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to