[
https://issues.apache.org/jira/browse/NIFI-9531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-9531.
------------------------------------
Assignee: David Handermann
Resolution: Not A Problem
Version 1.7.32 refers to the version of SLF4J and associated bridge libraries
for Log4j. These libraries are not vulnerable to the recent issues reported
for Log4j 2.
If you have a particular report that identifies that exact library file name,
that might be helpful, but it sounds like the security report in question may
be identifying a false positive based on the SLF4J version number described.
> Nifi 1.15.2 still having older log4j
> ------------------------------------
>
> Key: NIFI-9531
> URL: https://issues.apache.org/jira/browse/NIFI-9531
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Stateless
> Affects Versions: 1.15.1
> Reporter: Subbu
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.15.2
>
>
> Nifi 1.15.0 and 1.15.2 both contains same log4j version (version 1.7.32)
> which is reported by security team as a vulnerability.
> IT security team looking for latest log4j version 2.17.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
