[
https://issues.apache.org/jira/browse/PHOENIX-6610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458608#comment-17458608
]
ASF GitHub Bot commented on PHOENIX-6610:
-----------------------------------------
stoty commented on pull request #68:
URL: https://github.com/apache/phoenix-connectors/pull/68#issuecomment-992753147
My PR #67 for PHOENIX-6609 has the same version bump, but without the
exclusions.
Our (unshaded) non-test dependencies don't include log4j2, and the shaded
connectors set all hive dependencies to provided, so the shaded artifacts don't
have log4j2 classes either.
[stoty@IstvanToth-MBP15]
~/workspaces/apache-phoenix/phoenix-connectors/phoenix-hive-base
(PHOENIX-6609)$ jar tfv
phoenix5-hive-shaded/target/phoenix5-hive-shaded-6.0.0-SNAPSHOT.jar |grep
org/apache/logging/log4j
[stoty@IstvanToth-MBP15]
~/workspaces/apache-phoenix/phoenix-connectors/phoenix-hive-base
(PHOENIX-6609)$ jar tfv
phoenix4-hive-shaded/target/phoenix4-hive-shaded-6.0.0-SNAPSHOT.jar |grep
org/apache/logging/log4j
[stoty@IstvanToth-MBP15]
~/workspaces/apache-phoenix/phoenix-connectors/phoenix-hive-base (PHOENIX-6609)$
I think the exclusions you're adding are redundant.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> [Phoenix-connectors] Upgrade Log4j dependency to address CVE-2021-44228
> ------------------------------------------------------------------------
>
> Key: PHOENIX-6610
> URL: https://issues.apache.org/jira/browse/PHOENIX-6610
> Project: Phoenix
> Issue Type: Bug
> Reporter: Ankit Singhal
> Assignee: Ankit Singhal
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
