Hi Igniters, Preliminary: change of the log4j version does not affect any tests (Alexander Nikolaev, correct me if I'm wrong).
If you're using embedded Ignite, it's perfectly possible to enforce jog4j2 dependency to be 2.15.0 in your project final pom.xml or build.gradle or any other build system properties. https://issues.apache.org/jira/browse/IGNITE-16101 ticket seems to be a blocker for 2.12. But for now, as a workaround, it's possible to select the latest version manually. Sincerely, Dmitriy Pavlov сб, 11 дек. 2021 г. в 09:47, Nikita Amelchev <namelc...@apache.org>: > Hello. > > The issue to update dependency was created: > https://issues.apache.org/jira/browse/IGNITE-16101 > > I want to include it to the 2.12 scope. > > сб, 11 дек. 2021 г., 09:19 Raymond Wilson <raymond_wil...@trimble.com>: > > > All > > > > This blew up today: CVE-2021-44228 ( > > > > > https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/ > > ) > > > > Will there be a risk assessment with respect to Ignite for this CVE? > > > > Thanks, > > Raymond. > > > > -- > > <http://www.trimble.com/> > > Raymond Wilson > > Trimble Distinguished Engineer, Civil Construction Software (CCS) > > 11 Birmingham Drive | Christchurch, New Zealand > > raymond_wil...@trimble.com > > > > < > > > https://worksos.trimble.com/?utm_source=Trimble&utm_medium=emailsign&utm_campaign=Launch > > > > > >
