[
https://issues.apache.org/jira/browse/PHOENIX-6610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458640#comment-17458640
]
ASF GitHub Bot commented on PHOENIX-6610:
-----------------------------------------
ankitsinghal commented on pull request #68:
URL: https://github.com/apache/phoenix-connectors/pull/68#issuecomment-992776985
> I think the exclusions you're adding are redundant.
Yeah, they are not needed at the moment but just want them not to be pulled
accidentally in case our shading changes in future(until Hive fix it and we
update the hive version) and also not sure how CVE scans work if they run the
dependency check and found log4j2 under dependency tree(even it is provided)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> [Phoenix-connectors] Upgrade Log4j dependency to address CVE-2021-44228
> ------------------------------------------------------------------------
>
> Key: PHOENIX-6610
> URL: https://issues.apache.org/jira/browse/PHOENIX-6610
> Project: Phoenix
> Issue Type: Bug
> Reporter: Ankit Singhal
> Assignee: Ankit Singhal
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
