[ https://issues.apache.org/jira/browse/TEZ-4403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
László Bodor updated TEZ-4403: ------------------------------ Fix Version/s: 0.9.3 > Upgrade SLF4J version to 1.7.36 > ------------------------------- > > Key: TEZ-4403 > URL: https://issues.apache.org/jira/browse/TEZ-4403 > Project: Apache Tez > Issue Type: Improvement > Reporter: Syed Shameerur Rahman > Assignee: Syed Shameerur Rahman > Priority: Major > Fix For: 0.9.3, 0.10.2 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Currently we are on slf4j 1.7.30 > [https://github.com/apache/tez/blob/master/pom.xml#L65]. As per > https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are > four CVE's against this version. > 1. CVE-2022-23305 > 2. CVE-2022-23302 > 3. CVE-2021-4104 > 4. CVE-2019-17571 > Upgrading to 1.7.36 > [https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.36] should > solve the security concerns. -- This message was sent by Atlassian Jira (v8.20.7#820007)