Kyle Weaver created BEAM-13481:
----------------------------------
Summary: Upgrade shadow plugin (log4j)
Key: BEAM-13481
URL: https://issues.apache.org/jira/browse/BEAM-13481
Project: Beam
Issue Type: Improvement
Components: build-system
Reporter: Kyle Weaver
Assignee: Kyle Weaver
Beam's current version of the shadow plugin (6.1.0) is dependent on a
vulnerable version of log4j. The shadow plugin is run at compile time only, and
is never bundled in any Beam applications, but the log4j dependency may still
be problematic since some organizations may have blocked it.
The shadow plugin has already made a new release, but it will require us to
upgrade to Gradle 7 (BEAM-13430):
https://github.com/johnrengelman/shadow/releases/tag/7.1.1
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
