You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "Syed Shameerur Rahman (Jira)" <ji...@apache.org> on 2022/04/25 11:11:00 UTC

[jira] [Updated] (TEZ-4403) Upgrade SLF4J version to 1.7.36

     [ https://issues.apache.org/jira/browse/TEZ-4403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Syed Shameerur Rahman updated TEZ-4403:
---------------------------------------
    Summary: Upgrade SLF4J version to 1.7.36  (was: Upgrade slf4j version to 1.7.34)

> Upgrade SLF4J version to 1.7.36
> -------------------------------
>
>                 Key: TEZ-4403
>                 URL: https://issues.apache.org/jira/browse/TEZ-4403
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Syed Shameerur Rahman
>            Assignee: Syed Shameerur Rahman
>            Priority: Major
>             Fix For: 0.10.2
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Currently we are on slf4j 1.7.30 [https://github.com/apache/tez/blob/master/pom.xml#L65]. As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are four CVE's against this version.
> 1. CVE-2022-23305
> 2. CVE-2022-23302
> 3. CVE-2021-4104
> 4. CVE-2019-17571
> Upgrading to 1.7.34 [https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.34] should solve the security concerns.
> Reference
> 1. https://github.com/apache/tez/blob/master/pom.xml#L256
> 2. https://github.com/apache/tez/blob/master/pom.xml#L240



--
This message was sent by Atlassian Jira
(v8.20.7#820007)