Posted to dev@tinkerpop.apache.org by "Stephen Mallette (Jira)" <ji...@apache.org> on 2022/06/16 10:47:00 UTC
[jira] [Closed] (TINKERPOP-2715) remove log4jv1 dependency
[ https://issues.apache.org/jira/browse/TINKERPOP-2715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stephen Mallette closed TINKERPOP-2715.
---------------------------------------
Fix Version/s: 3.7.0, 3.6.1
Assignee: Stephen Mallette
Resolution: Done
Hadoop removed log4j 1.x and replaced it with reload4j. A recent bump to the latest version along 3.6.x allowed log4j 1.x to be removed:
https://github.com/apache/tinkerpop/commit/01663308b8ddf21c996567bdc32ac217530cd0b5
> remove log4jv1 dependency
> -------------------------
>
> Key: TINKERPOP-2715
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2715
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.5.2
> Reporter: PJ Fanning
> Assignee: Stephen Mallette
> Priority: Major
> Fix For: 3.7.0, 3.6.1
>
>
> Can this be reconsidered? Log4jv1 has even more open CVEs now.
> [https://repo1.maven.org/maven2/org/apache/tinkerpop/gremlin-driver/3.5.2/gremlin-driver-3.5.2.pom]
> https://issues.apache.org/jira/browse/TINKERPOP-1983
--
This message was sent by Atlassian Jira
(v8.20.7#820007)