[ https://issues.apache.org/jira/browse/RATIS-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tsz-wo Sze reassigned RATIS-1501:
---------------------------------

       Assignee: Tsz-wo Sze
    Description: 
log4j 1.2.17 has the following vulnerabilities:
- [CVE-2022-23302|https://nvd.nist.gov/vuln/detail/CVE-2022-23302]: JMSSink
- [CVE-2022-23305|https://nvd.nist.gov/vuln/detail/CVE-2022-23305]: JDBCAppender
- [CVE-2022-23307|https://nvd.nist.gov/vuln/detail/CVE-2022-23307]: Chainsaw

We should exclude the related classes from the generated jars.

> Exclude log4j JMSSink, JDBCAppender, and Chainsaw from the generated jar
> ------------------------------------------------------------------------
>
>                 Key: RATIS-1501
>                 URL: https://issues.apache.org/jira/browse/RATIS-1501
>             Project: Ratis
>          Issue Type: Improvement
>          Components: build
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>
> log4j 1.2.17 has the following vulnerabilities:
> - [CVE-2022-23302|https://nvd.nist.gov/vuln/detail/CVE-2022-23302]: JMSSink
> - [CVE-2022-23305|https://nvd.nist.gov/vuln/detail/CVE-2022-23305]: JDBCAppender
> - [CVE-2022-23307|https://nvd.nist.gov/vuln/detail/CVE-2022-23307]: Chainsaw
> We should exclude the related classes from the generated jars.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
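
One way to verify the exclusion requested in the issue above, as an added example that is not part of the original message or the Ratis build: a Python check that lists any JMSSink, JDBCAppender, or Chainsaw classes still present in a generated jar. It goes beyond the issue by also following nested jars and matching relocated (shaded) copies; the function names, the `shaded/` prefix, and the sample jar contents are constructed for illustration.

```python
import io
import re
import zipfile

# Class locations in log4j 1.2.x for the three components named in the issue.
# Matching on the path suffix also catches copies relocated under a shading prefix.
FLAGGED = {
    "CVE-2022-23302": re.compile(r"(^|/)org/apache/log4j/net/JMSSink(\$[^/]*)?\.class$"),
    "CVE-2022-23305": re.compile(r"(^|/)org/apache/log4j/jdbc/JDBCAppender(\$[^/]*)?\.class$"),
    "CVE-2022-23307": re.compile(r"(^|/)org/apache/log4j/chainsaw/[^/]+\.class$"),
}


def scan_jar(jar, _path="", _depth=0):
    """Return sorted (cve, location) pairs for flagged classes in a jar.

    `jar` is a filesystem path or a binary file object. Jars nested inside
    the jar (fat jars) are followed up to 3 levels deep.
    """
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            where = _path + name
            for cve, pattern in FLAGGED.items():
                if pattern.search(name):
                    hits.append((cve, where))
            if name.endswith(".jar") and _depth < 3:
                inner = io.BytesIO(zf.read(name))
                if zipfile.is_zipfile(inner):
                    hits += scan_jar(inner, where + "!/", _depth + 1)
    return sorted(hits)


def build_sample_jar(entries):
    """Constructed test input: an in-memory jar with placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_jar({"org/apache/log4j/net/JMSSink.class": b""})
    for cve, where in scan_jar(sample):
        print(f"{cve}: {where}")
```

An empty result from `scan_jar` on each generated artifact is the condition a build check would assert on.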