You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/04/19 09:51:25 UTC
[pulsar] 23/26: [fix][security] Remove log4j for CVE-2022-23307 (#15109)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 549692f8e4f7ceac114b504e7fc354faf1e97a06
Author: Zike Yang <zi...@apache.org>
AuthorDate: Wed Apr 13 10:34:15 2022 +0800
[fix][security] Remove log4j for CVE-2022-23307 (#15109)
(cherry picked from commit a4c4aea993aabab5231d4136b7eba366bee9e778)
---
pom.xml | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/pom.xml b/pom.xml
index 8b7eb2bf343..9f3bfcd4533 100644
--- a/pom.xml
+++ b/pom.xml
@@ -176,7 +176,6 @@ flexible messaging model and an intuitive client API.</description>
<commons-io.version>2.8.0</commons-io.version>
<commons-codec.version>1.15</commons-codec.version>
<javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
- <log4j.version>1.2.17</log4j.version>
<hdrHistogram.version>2.1.9</hdrHistogram.version>
<javax.servlet-api>3.1.0</javax.servlet-api>
<caffeine.version>2.9.1</caffeine.version>
@@ -785,18 +784,6 @@ flexible messaging model and an intuitive client API.</description>
<version>${jackson.databind.version}</version>
</dependency>
- <dependency>
- <artifactId>log4j</artifactId>
- <groupId>log4j</groupId>
- <version>${log4j.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
<dependency>
<groupId>org.hdrhistogram</groupId>
<artifactId>HdrHistogram</artifactId>