[
https://issues.apache.org/jira/browse/RANGER-3730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527300#comment-17527300
]
Bhavik Patel commented on RANGER-3730:
--------------------------------------
My main concerns about the log4j.version as is impacted with many direct CVE's
vulnerabilities. Knox is service uses this log4j version any idea?
Also hadoop and ZK moved to reaload4j.
https://issues.apache.org/jira/browse/HADOOP-16717 &
https://issues.apache.org/jira/browse/RANGER-3728
> log4j dependency is not completely removed
> ------------------------------------------
>
> Key: RANGER-3730
> URL: https://issues.apache.org/jira/browse/RANGER-3730
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0, 2.3.0
> Reporter: Bhavik Patel
> Priority: Major
>
> log4j dependency is present in parent pom file -
> [https://github.com/apache/ranger/blob/master/pom.xml#L166]
>
> [~madhan] [~ma3mansoori123]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
