Liang Zhao created STORM-3812:
---------------------------------

    Summary: Storm release packages log4j v1
    Key: STORM-3812
    URL: https://issues.apache.org/jira/browse/STORM-3812
    Project: Apache Storm
    Issue Type: Improvement
    Reporter: Liang Zhao

log4j v1 is at its EOL, but due to some implicit package references in Maven, some tools/libs are still packaging log4j. All latest releases are impacted.

Packages impacted:
* storm-autocreds
* storm-kafka-monitor

It would be good to fix/release this together with the recent log4j v2 CVEs, so that vulnerability scans will be clear of log4j vulnerabilities.

--
This message was sent by Atlassian Jira (v8.20.1#820001)
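
One way to verify that a release archive no longer ships log4j 1.x, as an added example that is not part of the ticket or of Storm's build. The function name, the sample archive layout and its file names are constructed for illustration; detecting shaded copies assumes the shading step kept the dependency's Maven metadata (log4j:log4j).

```python
import io
import re
import zipfile

# log4j 1.x is published as log4j:log4j; jars built by Maven carry this metadata entry.
V1_POM = "META-INF/maven/log4j/log4j/pom.properties"
# Matches log4j-1.2.17.jar but not the log4j 2 bridge log4j-1.2-api-<version>.jar.
V1_NAME = re.compile(r"(^|/)log4j-1\.\d+(\.\d+)*\.jar$")
ARCHIVE = re.compile(r"\.(jar|war|zip)$", re.I)

def find_log4j_v1(data, path="release.zip"):
    """Return sorted locations of log4j 1.x inside a zip/jar, nested jars included."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            full = f"{path}!/{name}"
            if V1_NAME.search(name):
                hits.add(full)              # plain log4j 1.x jar
            elif name == V1_POM:
                hits.add(path)              # metadata merged into a shaded jar
            elif ARCHIVE.search(name):
                try:
                    hits |= set(find_log4j_v1(zf.read(name), full))
                except zipfile.BadZipFile:
                    pass                    # not a real archive, skip it
    return sorted(hits)

def _zip(entries):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample():
    """Constructed release layout (not the real Storm tarball)."""
    classes = {"org/apache/log4j/Logger.class": b""}
    shaded = _zip({V1_POM: b"groupId=log4j\nartifactId=log4j\n", "demo/Main.class": b""})
    return _zip({
        "demo-release/lib/log4j-1.2.17.jar": _zip(classes),
        "demo-release/lib/log4j-1.2-api-2.17.1.jar": _zip(classes),  # log4j 2 bridge
        "demo-release/lib/tool-shaded.jar": shaded,
    })

if __name__ == "__main__":
    for hit in find_log4j_v1(build_sample()):
        print(hit)
```

The bridge jar is not reported even though it contains `org/apache/log4j` classes, which is why the check keys on the artifact name and Maven coordinates rather than on the package name.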