[jira] [Resolved] (RATIS-1501) Exclude log4j JMSSink, JDBCAppender, and Chainsaw from the generated jar

Attila Doroszlai (Jira) Mon, 24 Jan 2022 01:15:05 -0800


     [ 
https://issues.apache.org/jira/browse/RATIS-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Attila Doroszlai resolved RATIS-1501.
-------------------------------------
    Fix Version/s: 2.3.0
       Resolution: Implemented

> Exclude log4j JMSSink, JDBCAppender, and Chainsaw from the generated jar
> ------------------------------------------------------------------------
>
>                 Key: RATIS-1501
>                 URL: https://issues.apache.org/jira/browse/RATIS-1501
>             Project: Ratis
>          Issue Type: Improvement
>          Components: build
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>             Fix For: 2.3.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> log4j 1.2.17 has the following vulnerabilities:
> - [CVE-2022-23302|https://nvd.nist.gov/vuln/detail/CVE-2022-23302]: JMSSink
> - [CVE-2022-23305 |https://nvd.nist.gov/vuln/detail/CVE-2022-23305]: 
> JDBCAppender
> - [CVE-2022-23307 |https://nvd.nist.gov/vuln/detail/CVE-2022-23307]: Chainsaw
> We should exclude the related classes from the generated jars.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (RATIS-1501) Exclude log4j JMSSink, JDBCAppender, and Chainsaw from the generated jar

Reply via email to