You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2021/12/20 10:14:21 UTC

[GitHub] [storm] 1zha0 opened a new pull request #3429: STORM-3812: Fix implicate reference to log4j v1.

1zha0 opened a new pull request #3429:
URL: https://github.com/apache/storm/pull/3429


   ## What is the purpose of the change
   
   log4j v1 is at it's EOL, but due to some implicit package references in maven, some tools/libs is still packaging log4j. All latest releases are all being impacted. 
   
   Packages impacted:
   - storm-autocreds
   - storm-kafka-monitor
    
   It would be good to fix/release this together with log4j v2 recent CVEs, thus vulnerability scan will be clear for log4j vulnerability.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] kishorvpatil commented on pull request #3429: WIP - [STORM-3812] Fix implicit reference to log4j v1.

Posted by GitBox <gi...@apache.org>.

kishorvpatil commented on pull request #3429:
URL: https://github.com/apache/storm/pull/3429#issuecomment-1050094949


   @1zha0 , can you please remove conflicts here?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] 1zha0 commented on pull request #3429: WIP - [STORM-3812] Fix implicit reference to log4j v1.

Posted by GitBox <gi...@apache.org>.

1zha0 commented on pull request #3429:
URL: https://github.com/apache/storm/pull/3429#issuecomment-1068715916


   This might be over taken by https://github.com/apache/storm/pull/3451. Close off.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [storm] 1zha0 closed pull request #3429: WIP - [STORM-3812] Fix implicit reference to log4j v1.

Posted by GitBox <gi...@apache.org>.

1zha0 closed pull request #3429:
URL: https://github.com/apache/storm/pull/3429


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org