[ 
https://issues.apache.org/jira/browse/TEZ-4403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

László Bodor updated TEZ-4403:
------------------------------
    Fix Version/s: 0.9.3

> Upgrade SLF4J version to 1.7.36
> -------------------------------
>
>                 Key: TEZ-4403
>                 URL: https://issues.apache.org/jira/browse/TEZ-4403
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Syed Shameerur Rahman
>            Assignee: Syed Shameerur Rahman
>            Priority: Major
>             Fix For: 0.9.3, 0.10.2
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Currently we are on slf4j 1.7.30 
> [https://github.com/apache/tez/blob/master/pom.xml#L65]. As per 
> https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are 
> four CVE's against this version.
> 1. CVE-2022-23305
> 2. CVE-2022-23302
> 3. CVE-2021-4104
> 4. CVE-2019-17571
> Upgrading to 1.7.36 
> [https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.36] should 
> solve the security concerns.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to