[ https://issues.apache.org/jira/browse/TINKERPOP-2715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17502561#comment-17502561 ]

PJ Fanning commented on TINKERPOP-2715:
---------------------------------------
[~spmallette] this was just one random example of a few -
https://github.com/apache/tinkerpop/blob/master/hadoop-gremlin/pom.xml is
another.

I am part of the ASF Security team and the ASF are getting a lot of stick about
continued usage of log4jv1 - a framework that was EOL many years ago and that
has many open security issues.
> remove log4jv1 dependency
> -------------------------
>
> Key: TINKERPOP-2715
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2715
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.5.2
> Reporter: PJ Fanning
> Priority: Major
>
> Can this be reconsidered? Log4jv1 has even more open CVEs now.
> [https://repo1.maven.org/maven2/org/apache/tinkerpop/gremlin-driver/3.5.2/gremlin-driver-3.5.2.pom]
> https://issues.apache.org/jira/browse/TINKERPOP-1983
--
This message was sent by Atlassian Jira
(v8.20.1#820001)