[jira] [Commented] (BEAM-13481) Upgrade shadow plugin (log4j)

Kyle Weaver (Jira) Thu, 16 Dec 2021 15:54:04 -0800


    [ 
https://issues.apache.org/jira/browse/BEAM-13481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461127#comment-17461127
 ]


Kyle Weaver commented on BEAM-13481:
------------------------------------

https://github.com/johnrengelman/shadow/issues/739

> Upgrade shadow plugin (log4j)
> -----------------------------
>
>                 Key: BEAM-13481
>                 URL: https://issues.apache.org/jira/browse/BEAM-13481
>             Project: Beam
>          Issue Type: Improvement
>          Components: build-system
>            Reporter: Kyle Weaver
>            Assignee: Kyle Weaver
>            Priority: P2
>
> Beam's current version of the shadow plugin (6.1.0) is dependent on a 
> vulnerable version of log4j. The shadow plugin is run at compile time only, 
> and is never bundled in any Beam applications, but the log4j dependency may 
> still be problematic since some organizations may have blocked it.
> The shadow plugin has already made a new release, but it will require us to 
> upgrade to Gradle 7 (BEAM-13430): 
> https://github.com/johnrengelman/shadow/releases/tag/7.1.1



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (BEAM-13481) Upgrade shadow plugin (log4j)

Reply via email to