You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Istvan Toth (Jira)" <ji...@apache.org> on 2023/04/14 07:00:00 UTC
[jira] [Updated] (PHOENIX-5978) Log4j CVE in Phoenix client jar
[ https://issues.apache.org/jira/browse/PHOENIX-5978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Istvan Toth updated PHOENIX-5978:
---------------------------------
Component/s: (was: connectors)
> Log4j CVE in Phoenix client jar
> -------------------------------
>
> Key: PHOENIX-5978
> URL: https://issues.apache.org/jira/browse/PHOENIX-5978
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 4.14.1
> Reporter: Abhishek
> Priority: Major
>
> Log4j CVE's being reported on the client jar as it uses log4j 1.2 version. CVE's being reported are CVE-2020-9488 which is fixed in log4j 2.x version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)