Sergei Ryzhov created IGNITE-16650: -------------------------------------- Summary: Exclude ignite-log4j, log4j 1.2.17 Key: IGNITE-16650 URL: https://issues.apache.org/jira/browse/IGNITE-16650 Project: Ignite Issue Type: Bug Reporter: Sergei Ryzhov Assignee: Sergei Ryzhov
log4j 1.2.17 is not supported and contains critical vulnerabilities https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces I suggest excluding the ignite-log4j module from ignite Direct vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571 -- This message was sent by Atlassian Jira (v8.20.1#820001)