You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@iotdb.apache.org by "Chao Wang (Jira)" <ji...@apache.org> on 2022/01/26 08:41:00 UTC
[jira] [Created] (IOTDB-2497) Upgrade log4j1 to log4j2
Chao Wang created IOTDB-2497:
--------------------------------
Summary: Upgrade log4j1 to log4j2
Key: IOTDB-2497
URL: https://issues.apache.org/jira/browse/IOTDB-2497
Project: Apache IoTDB
Issue Type: Improvement
Components: Core/Server
Reporter: Chao Wang
Assignee: Chao Wang
Fix For: 0.13.0
Currently, log4j1.x has reached EOM. The community maintains only log4j2.x.And log4j1.x has a lot of CVEs.CVE-2022-23302/23305/23307.The impact of these vulnerabilities is still significant.So we can upgrade log4j to 2.x.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)