[jira] [Commented] (BEAM-14069) Traces of Log4j 1.x inside of beam-runners-flink-1.13-job-server-2.36.0.jar

Ohad Pinchevsky (Jira) Thu, 17 Mar 2022 11:11:04 -0700


    [ 
https://issues.apache.org/jira/browse/BEAM-14069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17508363#comment-17508363
 ]


Ohad Pinchevsky commented on BEAM-14069:
----------------------------------------

Our concern is security - the dependency appears in security scans.

> Traces of Log4j 1.x inside of beam-runners-flink-1.13-job-server-2.36.0.jar 
> ----------------------------------------------------------------------------
>
>                 Key: BEAM-14069
>                 URL: https://issues.apache.org/jira/browse/BEAM-14069
>             Project: Beam
>          Issue Type: Improvement
>          Components: runner-flink
>    Affects Versions: 2.36.0
>            Reporter: Ohad Pinchevsky
>            Priority: P2
>
> Log4j 1.x is EOL, still traces of it found inside 
> beam-runners-flink-1.13-job-server-2.36.0.jar
> Path to pom.xml with that version:
> /beam-runners-flink-1.13-job-server-2.36.0/META-INF/maven/log4j/log4j/pom.xml
> Inside version tag: 1.2.17
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (BEAM-14069) Traces of Log4j 1.x inside of beam-runners-flink-1.13-job-server-2.36.0.jar

Reply via email to