Syed Shameerur Rahman created TEZ-4403:
------------------------------------------
Summary: Upgrade slf4j version to 1.7.34
Key: TEZ-4403
URL: https://issues.apache.org/jira/browse/TEZ-4403
Project: Apache Tez
Issue Type: Improvement
Reporter: Syed Shameerur Rahman
Assignee: Syed Shameerur Rahman
Fix For: 0.10.2
Currently we are on slf4j 1.7.30
[https://github.com/apache/tez/blob/master/pom.xml#L65]. As per
https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30, there are
four CVEs against this version.
1. CVE-2022-23305
2. CVE-2022-23302
3. CVE-2021-4104
4. CVE-2019-17571
Upgrading to 1.7.34
[https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.34] should
solve the security concerns.
References
1. https://github.com/apache/tez/blob/master/pom.xml#L256
2. https://github.com/apache/tez/blob/master/pom.xml#L240