Bcc'ing you Martin Yes of course we're very in tuned to what is happening. The convenience binary we sent doesn't contain log4j impacted libs. But some of the nars we publish that people can use do. We also do not use log4j directly as we use slf4j. But we're not certain that every possible avenue of this is shut down so we're treating this as if we must replace it entirely. To that end we are releasing Apache NiFi 1.15.1 and doing so in urgent timeline. There have been issues with the release process presumably due to Apache being under so much load. But we're on it. Hopefully vote today/release up/available tomorrow. TBD
Thanks On Tue, Dec 14, 2021 at 9:40 AM Haris Javaid <haris.jav...@toronto.ca> wrote: > > Hi there, > I am sure you guys are aware of the recently found log4j vulnerability. I am > curious to know if its required for us Nifi users to take some action. Please > let me know > > Thanks, > H
