You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Nikita Pande (Jira)" <ji...@apache.org> on 2024/04/17 13:24:00 UTC

[jira] [Created] (HBASE-28532) remove vulnerable slf4j-log4j12 dependency

Nikita Pande created HBASE-28532:
------------------------------------

             Summary: remove vulnerable slf4j-log4j12 dependency
                 Key: HBASE-28532
                 URL: https://issues.apache.org/jira/browse/HBASE-28532
             Project: HBase
          Issue Type: Improvement
            Reporter: Nikita Pande


slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.

Since log4j 1.x is vulnerable , so this needs to be removed.

 

It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge from SLF4J to Log4j 2.x.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)