Posted to dev@avro.apache.org by "Daniel Nash (Jira)" <ji...@apache.org> on 2022/01/13 12:36:00 UTC

[jira] [Updated] (AVRO-3304) avro-tools Update log4j dependency for critical vulnerability

     [ https://issues.apache.org/jira/browse/AVRO-3304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Nash updated AVRO-3304:
------------------------------
    Description: Our company security is having a fit because Nessus scans are triggering on the bundled log4j in the avro-tools.jar.  Please update the log4j dependencies to the latest versions to remove the critical vulnerability present in the currently bundled log4j.  (was: Our company security is having a fit because Nessus scans are triggering on the bundled log4j (via SLF4J) in the avro-tools.jar.  Please update the log4j dependencies to the latest versions to remove the critical vulnerability present in the currently bundled log4j.)
        Summary: avro-tools Update log4j dependency for critical vulnerability  (was: avro-tools Update log4j (SLF4J) dependency for critical vulnerability)

> avro-tools Update log4j dependency for critical vulnerability
> -------------------------------------------------------------
>
>                 Key: AVRO-3304
>                 URL: https://issues.apache.org/jira/browse/AVRO-3304
>             Project: Apache Avro
>          Issue Type: Task
>          Components: tools
>    Affects Versions: 1.11.0
>            Reporter: Daniel Nash
>            Priority: Major
>
> Our company security is having a fit because Nessus scans are triggering on the bundled log4j in the avro-tools.jar.  Please update the log4j dependencies to the latest versions to remove the critical vulnerability present in the currently bundled log4j.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)