[
https://issues.apache.org/jira/browse/OPENJPA-2899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Romain Manni-Bucau updated OPENJPA-2899:
----------------------------------------
Priority: Minor (was: Critical)
> openjpa-maven-plugin 3.2.1 uses log4j version 2.14.1
> ----------------------------------------------------
>
> Key: OPENJPA-2899
> URL: https://issues.apache.org/jira/browse/OPENJPA-2899
> Project: OpenJPA
> Issue Type: Bug
> Reporter: Rich M
> Priority: Minor
>
> openjpa-maven-plugin version 3.2.1 contains a dependency on log4j version
> 2.14.1.
> <log4j2.version>2.14.1</log4j2.version>
> Since the log4j versions lower than 2.17.1 contain critical vulnerabilities,
> what is the plan to move away from this version?
> Can this be overridden when declaring the openjpa-maven-plugin dependency?