You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/04/28 14:11:17 UTC
[pulsar] 06/15: [fix][security] Remove log4j for CVE-2022-23307 (#15109)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit c8858e18da05e53033a469a66661e38c3c146034
Author: Zike Yang <zi...@apache.org>
AuthorDate: Wed Apr 13 10:34:15 2022 +0800
[fix][security] Remove log4j for CVE-2022-23307 (#15109)
(cherry picked from commit a4c4aea993aabab5231d4136b7eba366bee9e778)
---
pom.xml | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/pom.xml b/pom.xml
index a11213b4c21..6eed7ee0dc6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,7 +177,6 @@ flexible messaging model and an intuitive client API.</description>
<commons-io.version>2.8.0</commons-io.version>
<commons-codec.version>1.15</commons-codec.version>
<javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
- <log4j.version>1.2.17</log4j.version>
<hdrHistogram.version>2.1.9</hdrHistogram.version>
<javax.servlet-api>3.1.0</javax.servlet-api>
<caffeine.version>2.9.1</caffeine.version>
@@ -748,18 +747,6 @@ flexible messaging model and an intuitive client API.</description>
<version>${jackson.databind.version}</version>
</dependency>
- <dependency>
- <artifactId>log4j</artifactId>
- <groupId>log4j</groupId>
- <version>${log4j.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.jmx</groupId>
- <artifactId>jmxri</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
<dependency>
<groupId>org.hdrhistogram</groupId>
<artifactId>HdrHistogram</artifactId>