Posted to issues@tez.apache.org by "Syed Shameerur Rahman (Jira)" <ji...@apache.org> on 2022/04/25 11:11:00 UTC
[jira] [Updated] (TEZ-4403) Upgrade SLF4J version to 1.7.36
[ https://issues.apache.org/jira/browse/TEZ-4403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Syed Shameerur Rahman updated TEZ-4403:
---------------------------------------
Summary: Upgrade SLF4J version to 1.7.36 (was: Upgrade slf4j version to 1.7.34)
> Upgrade SLF4J version to 1.7.36
> -------------------------------
>
> Key: TEZ-4403
> URL: https://issues.apache.org/jira/browse/TEZ-4403
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Syed Shameerur Rahman
> Assignee: Syed Shameerur Rahman
> Priority: Major
> Fix For: 0.10.2
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently we are on slf4j 1.7.30 [https://github.com/apache/tez/blob/master/pom.xml#L65]. As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30, there are four CVEs against this version.
> 1. CVE-2022-23305
> 2. CVE-2022-23302
> 3. CVE-2021-4104
> 4. CVE-2019-17571
> Upgrading to 1.7.34 [https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.34] should solve the security concerns.
> Reference
> 1. https://github.com/apache/tez/blob/master/pom.xml#L256
> 2. https://github.com/apache/tez/blob/master/pom.xml#L240