Liang Zhao created STORM-3812:
---------------------------------

             Summary: Storm release packages log4j v1
                 Key: STORM-3812
                 URL: https://issues.apache.org/jira/browse/STORM-3812
             Project: Apache Storm
          Issue Type: Improvement
            Reporter: Liang Zhao


log4j v1 is at its EOL, but due to some implicit package references in Maven, 
some tools/libs are still packaging log4j. All latest releases are being 
impacted. 

 

Packages impacted:
 * storm-autocreds
 * storm-kafka-monitor

 

It would be good to fix/release this together with the recent log4j v2 CVEs, so 
that the vulnerability scan will be clear of log4j vulnerabilities.

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
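
Added example (not part of the Jira message and not Apache Storm code): a heuristic check that a release archive bundles no log4j 1.x, looking inside nested and fat jars where the file name alone gives nothing away. The marker paths, function names and the in-memory sample archive are assumptions constructed for this illustration and may need tuning for a real distribution.

```python
import io
import zipfile

# Heuristic markers, assumed for this example (not taken from the issue):
V1_POM = "META-INF/maven/log4j/log4j/pom.properties"    # Maven metadata of log4j:log4j
V1_CLASS = "org/apache/log4j/net/SocketServer.class"     # class shipped by log4j 1.2.x
ARCHIVE_EXT = (".jar", ".war", ".zip")

def find_log4j1(data, origin, depth=0, max_depth=4):
    """Return [(location, reason)] for log4j 1.x evidence in a zip/jar given as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []          # not an archive after all; nothing to report
    hits = []
    with zf:
        names = set(zf.namelist())
        if V1_POM in names:
            hits.append((origin, "maven metadata for log4j:log4j"))
        elif V1_CLASS in names:
            hits.append((origin, "log4j 1.x classes merged into this jar"))
        # Recurse into nested archives; max_depth bounds deeply nested input.
        for name in sorted(names):
            if depth < max_depth and name.lower().endswith(ARCHIVE_EXT):
                hits += find_log4j1(zf.read(name), f"{origin}!/{name}", depth + 1, max_depth)
    return hits

def make_zip(entries):
    """Build an in-memory zip from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed release archive: one plain v1 jar, one fat jar, one v2 jar."""
    v1 = make_zip({V1_POM: b"version=1.2.17\n", V1_CLASS: b""})
    fat = make_zip({V1_CLASS: b"", "com/example/Tool.class": b""})
    v2 = make_zip({"org/apache/logging/log4j/Logger.class": b""})
    return make_zip({"lib/log4j-1.2.17.jar": v1,
                     "lib/tool-fat.jar": fat,
                     "lib/log4j-api-2.x.jar": v2})

if __name__ == "__main__":
    for location, reason in find_log4j1(build_sample(), "release.zip"):
        print(f"{location}: {reason}")
```

A clean result from this check only means neither marker was found; relocated (renamed-package) copies would need a dependency-tree review as well.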
