Sergei Ryzhov created IGNITE-16650:
--------------------------------------

             Summary: Exclude ignite-log4j, log4j 1.2.17
                 Key: IGNITE-16650
                 URL: https://issues.apache.org/jira/browse/IGNITE-16650
             Project: Ignite
          Issue Type: Bug
            Reporter: Sergei Ryzhov
            Assignee: Sergei Ryzhov


log4j 1.2.17 is not supported and contains critical vulnerabilities:
https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces

I suggest excluding the ignite-log4j module from Ignite.

Direct vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
