[
https://issues.apache.org/jira/browse/AVRO-3304?focusedWorklogId=711323&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-711323
]
ASF GitHub Bot logged work on AVRO-3304:
----------------------------------------
Author: ASF GitHub Bot
Created on: 19/Jan/22 11:36
Start Date: 19/Jan/22 11:36
Worklog Time Spent: 10m
Work Description: martin-g commented on pull request #1464:
URL: https://github.com/apache/avro/pull/1464#issuecomment-1016376030
Merged!
We can easily update the version of Reload4j once it is released!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@avro.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 711323)
Time Spent: 1h 40m (was: 1.5h)
> avro-tools Update log4j dependency for critical vulnerability
> -------------------------------------------------------------
>
> Key: AVRO-3304
> URL: https://issues.apache.org/jira/browse/AVRO-3304
> Project: Apache Avro
> Issue Type: Task
> Components: tools
> Affects Versions: 1.11.0
> Reporter: Daniel Nash
> Assignee: Ryan Skraba
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Our company security is having a fit because Nessus scans are triggering on
> the bundled log4j in the avro-tools.jar. Please update the log4j
> dependencies to the latest versions to remove the critical vulnerability
> present in the currently bundled log4j.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
