kaijchen opened a new pull request, #464:
URL: https://github.com/apache/incubator-uniffle/pull/464

   ### What changes were proposed in this pull request?
   
   Bump slf4j to 1.7.36 to fix vulnerability in slf4j-log4j12.
   
   ### Why are the changes needed?
   
   slf4j-log4j12:1.7.25 provides the vulnerable transitive dependency log4j:1.2.17.
   
   * CVE-2019-17571 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
   * CVE-2021-4104 7.5 Deserialization of Untrusted Data vulnerability with medium severity found
   * CVE-2022-23302 8.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
   * CVE-2022-23305 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability pending CVSS allocation
   * CVE-2022-23307 8.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
   
   ### Does this PR introduce _any_ user-facing change?
   
   No.
   
   ### How was this patch tested?
   
   No need.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
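A check a reviewer of this kind of dependency bump can run locally: parse the text output of `mvn dependency:tree` and report every log4j:log4j 1.2.x artifact together with the chain of dependencies that pulls it in, so the direct dependency to bump (here slf4j-log4j12) is obvious. This is an added example, not code from the PR or from the Uniffle project; the tree text is constructed, and treating any log4j 1.2.x version (not only the 1.2.17 named above) as affected by the listed CVEs is an assumption.

```python
import re
from typing import List, Tuple

# Constructed sample of `mvn dependency:tree` output; not taken from the project.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ rss-server ---
[INFO] org.apache.uniffle:rss-server:jar:0.7.0-SNAPSHOT
[INFO] +- org.slf4j:slf4j-log4j12:jar:1.7.25:compile
[INFO] |  \\- log4j:log4j:jar:1.2.17:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] \\- com.example:some-lib:jar:2.0:compile
[INFO]    \\- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] BUILD SUCCESS
"""

# Each tree level is a fixed 3-character segment: "+- ", "\- ", "|  " or "   ".
LINE_RE = re.compile(r"^\[INFO\] ((?:\+- |\\- |\|  |   )*)(\S+)\s*$")


def parse_tree(text: str) -> List[Tuple[int, str]]:
    """Return (depth, coordinate) for every dependency line; other log lines are skipped."""
    nodes = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            nodes.append((len(m.group(1)) // 3, m.group(2)))
    return nodes


def coordinate_parts(coord: str) -> Tuple[str, str, str]:
    """Split g:a:type[:classifier]:version[:scope] into (groupId, artifactId, version)."""
    parts = coord.split(":")
    version = parts[-2] if len(parts) >= 5 else parts[-1]  # root line has no scope
    return parts[0], parts[1], version


def is_vulnerable_log4j(coord: str) -> bool:
    # Assumption: every log4j 1.2.x release is in scope of the CVEs listed in the PR.
    group, artifact, version = coordinate_parts(coord)
    return group == "log4j" and artifact == "log4j" and version.startswith("1.2.")


def find_vulnerable_paths(text: str) -> List[str]:
    """Return one 'direct dep -> ... -> log4j' chain per vulnerable log4j occurrence."""
    stack: List[str] = []  # ancestors of the current node, indexed by depth
    hits = []
    for depth, coord in parse_tree(text):
        del stack[depth:]  # pop back to this node's parent
        stack.append(coord)
        if is_vulnerable_log4j(coord):
            hits.append(" -> ".join(stack[1:]))  # drop the project root itself
    return hits
```

Run it against real output with `mvn dependency:tree > tree.txt` and feed the file to `find_vulnerable_paths`; an empty list after the bump confirms log4j 1.2.x is no longer on the compile classpath.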
