1zha0 opened a new pull request #3429:
URL: https://github.com/apache/storm/pull/3429


   ## What is the purpose of the change
   
   log4j v1 is at its EOL, but due to some implicit package references in 
maven, some tools/libs are still packaging log4j. All latest releases are 
being impacted. 
   
   Packages impacted:
   - storm-autocreds
   - storm-kafka-monitor
    
   It would be good to fix/release this together with the recent log4j v2 CVEs, 
so the vulnerability scan will be clear of log4j vulnerabilities.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@storm.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

