[ https://issues.apache.org/jira/browse/RANGER-3730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527300#comment-17527300 ]
Bhavik Patel commented on RANGER-3730: -------------------------------------- My main concerns about the log4j.version as is impacted with many direct CVE's vulnerabilities. Knox is service uses this log4j version any idea? Also hadoop and ZK moved to reaload4j. https://issues.apache.org/jira/browse/HADOOP-16717 & https://issues.apache.org/jira/browse/RANGER-3728 > log4j dependency is not completely removed > ------------------------------------------ > > Key: RANGER-3730 > URL: https://issues.apache.org/jira/browse/RANGER-3730 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 3.0.0, 2.3.0 > Reporter: Bhavik Patel > Priority: Major > > log4j dependency is present in parent pom file - > [https://github.com/apache/ranger/blob/master/pom.xml#L166] > > [~madhan] [~ma3mansoori123] -- This message was sent by Atlassian Jira (v8.20.7#820007)