Hi,
As per release notes of NiFi 1.15.1, all the log4j.2.X dependencies has been upgraded to 2.16. But while deploying the latest NiFi Version, I can see some older JARs like log4j-over-slf4j-1.7.32.jar, jul-to-slf4j-1.7.32.jar, slf4j-api-1.7.32.jar. I just want to confirm if they are affected with latest log4j vulnerability or they are safe to use with latest NiFi Version. Thanks and Regards Chahat Madaan +91 844 874 3588 From: Chahat Madaan <[email protected]> Date: Friday, 17 December 2021 at 1:12 PM To: <[email protected]> Cc: Snehadeep Vikram <[email protected]> Subject: Apache NiFi-1.15.1 Older sl4j and log4j jars Hi, As per release notes of NiFi 1.15.1, all the log4j.2.X dependencies has been upgraded to 2.16. But while deploying the lastest NiFi Version, I can see some older JARs like log4j-over-slf4j-1.7.32.jar, jul-to-slf4j-1.7.32.jar, slf4j-api-1.7.32.jar. I just want to confirm if they are affected with latest log4j vulnerability or they are safe to use with lastest NiFi Version. Thanks and Regards Chahat Madaan +91 844 874 3588
