You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Nikita Pande (Jira)" <ji...@apache.org> on 2024/04/17 13:24:00 UTC
[jira] [Created] (HBASE-28532) remove vulnerable slf4j-log4j12 dependency
Nikita Pande created HBASE-28532:
------------------------------------
Summary: remove vulnerable slf4j-log4j12 dependency
Key: HBASE-28532
URL: https://issues.apache.org/jira/browse/HBASE-28532
Project: HBase
Issue Type: Improvement
Reporter: Nikita Pande
slf4j-log4j12 is a bridge from SLF4J to Log4j 1.x.
Since log4j 1.x is vulnerable , so this needs to be removed.
It is to be replaced with the log4j-slf4j-impl dependency, which is a bridge from SLF4J to Log4j 2.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)