You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@iotdb.apache.org by "Chao Wang (Jira)" <ji...@apache.org> on 2022/01/26 08:41:00 UTC

[jira] [Created] (IOTDB-2497) Upgrade log4j1 to log4j2

Chao Wang created IOTDB-2497:
--------------------------------

             Summary: Upgrade log4j1 to log4j2
                 Key: IOTDB-2497
                 URL: https://issues.apache.org/jira/browse/IOTDB-2497
             Project: Apache IoTDB
          Issue Type: Improvement
          Components: Core/Server
            Reporter: Chao Wang
            Assignee: Chao Wang
             Fix For: 0.13.0


Currently, log4j1.x has reached EOM. The community maintains only log4j2.x.And log4j1.x has a lot of CVEs.CVE-2022-23302/23305/23307.The impact of these vulnerabilities is still significant.So we can upgrade log4j to 2.x.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)