Stephen Darlington created IGNITE-13464:
-------------------------------------------

             Summary: Ignite-rest-http includes vulnerable dependencies
                 Key: IGNITE-13464
                 URL: https://issues.apache.org/jira/browse/IGNITE-13464
             Project: Ignite
          Issue Type: Bug
          Components: rest
    Affects Versions: 2.8.1, 2.9
            Reporter: Stephen Darlington

The ignite-rest-http module includes a [vulnerable version|https://nvd.nist.gov/vuln/detail/CVE-2019-17571] of the log4j library. It also appears to include slf4j. Why does the REST API include its own logging libraries?

This was spotted in 2.8.1 but still appears to be an issue in master and 2.9.

More here: http://apache-ignite-users.70518.x6.nabble.com/critical-security-vulnerability-for-opt-ignite-apache-ignite-libs-optional-ignite-rest-http-log4j-1-r-td34031.html

--
This message was sent by Atlassian Jira
(v8.3.4#803005)