You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/04/13 02:34:22 UTC
[pulsar] branch master updated: [fix][security] Remove log4j for CVE-2022-23307 (#15109)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new a4c4aea993a [fix][security] Remove log4j for CVE-2022-23307 (#15109)
a4c4aea993a is described below
commit a4c4aea993aabab5231d4136b7eba366bee9e778
Author: Zike Yang <zi...@apache.org>
AuthorDate: Wed Apr 13 10:34:15 2022 +0800
[fix][security] Remove log4j for CVE-2022-23307 (#15109)
---
pom.xml | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/pom.xml b/pom.xml
index 247b066af8b..70afec17336 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,7 +180,6 @@ flexible messaging model and an intuitive client API.</description>
<commons-io.version>2.8.0</commons-io.version>
<commons-codec.version>1.15</commons-codec.version>
<javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
- <log4j.version>1.2.17</log4j.version>
<hdrHistogram.version>2.1.9</hdrHistogram.version>
<javax.servlet-api>3.1.0</javax.servlet-api>
<caffeine.version>2.9.1</caffeine.version>
@@ -792,18 +791,6 @@ flexible messaging model and an intuitive client API.</description>
<version>${jackson.databind.version}</version>
</dependency>
- <dependency>
- <artifactId>log4j</artifactId>
- <groupId>log4j</groupId>
- <version>${log4j.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
<dependency>
<groupId>org.hdrhistogram</groupId>
<artifactId>HdrHistogram</artifactId>