[
https://issues.apache.org/jira/browse/FLUME-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784317#comment-17784317
]
Nikita Pande commented on FLUME-3480:
-------------------------------------
[~rgoers] please review it
> remove Log4J 1.x as it has reached its end of life
> --------------------------------------------------
>
> Key: FLUME-3480
> URL: https://issues.apache.org/jira/browse/FLUME-3480
> Project: Flume
> Issue Type: Improvement
> Reporter: Nikita Pande
> Assignee: Nikita Pande
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> * log4j1.2.17 is still being used in . It is EOL and vulnerable jar
> * Also build-support module plugin still uses log4j:log4j:jar:1.2.12 which is
> vulnerable
> * It should be removed and replaced by a module with minimal software change
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
