[ https://issues.apache.org/jira/browse/IGNITE-16650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergei Ryzhov updated IGNITE-16650: ----------------------------------- Labels: ise (was: ) > Exclude ignite-log4j, log4j 1.2.17 > ---------------------------------- > > Key: IGNITE-16650 > URL: https://issues.apache.org/jira/browse/IGNITE-16650 > Project: Ignite > Issue Type: Bug > Reporter: Sergei Ryzhov > Assignee: Sergei Ryzhov > Priority: Major > Labels: ise > > log4j 1.2.17 is not supported and contains critical vulnerabilities > https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces > I suggest excluding the ignite-log4j module from ignite > Direct vulnerabilities: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571 -- This message was sent by Atlassian Jira (v8.20.1#820001)