Posted to issues@ignite.apache.org by "Maxim Muzafarov (Jira)" <ji...@apache.org> on 2022/05/30 13:30:00 UTC

[jira] [Commented] (IGNITE-16650) Exclude ignite-log4j, log4j 1.2.17

    [ https://issues.apache.org/jira/browse/IGNITE-16650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543944#comment-17543944 ] 

Maxim Muzafarov commented on IGNITE-16650:
------------------------------------------

During the migration to log4j2 we can also highlight the logs:

log4j2 - %highlight{%d [%t] %-5level: %msg%n%throwable}{FATAL=white, ERROR=red, WARN=blue, INFO=black, DEBUG=green, TRACE=blue}

> Exclude ignite-log4j, log4j 1.2.17
> ----------------------------------
>
>                 Key: IGNITE-16650
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16650
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Sergei Ryzhov
>            Assignee: Sergei Ryzhov
>            Priority: Major
>              Labels: ise
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> log4j 1.2.17 is not supported and contains critical vulnerabilities
> https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces
> I suggest excluding the ignite-log4j module from ignite
> Direct vulnerabilities:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571


