You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2022/03/07 20:11:32 UTC

[GitHub] [storm] agresch commented on a change in pull request #3451: STORM-3831 exclude older log4j

agresch commented on a change in pull request #3451:
URL: https://github.com/apache/storm/pull/3451#discussion_r821064875



##########
File path: DEPENDENCY-LICENSES
##########
@@ -690,9 +690,9 @@ List of third-party dependencies grouped by their license type.
         * jnr-x86asm (com.github.jnr:jnr-x86asm:1.0.2 - http://github.com/jnr/jnr-x86asm)
         * Joni (org.jruby.joni:joni:2.1.11 - http://nexus.sonatype.org/oss-repository-hosting.html/joni)
         * JUL to SLF4J bridge (org.slf4j:jul-to-slf4j:1.7.26 - http://www.slf4j.org)
-        * SLF4J API Module (org.slf4j:slf4j-api:1.7.26 - http://www.slf4j.org)
+        * SLF4J API Module (org.slf4j:slf4j-api:1.7.36 - http://www.slf4j.org)
         * SLF4J API Module (org.slf4j:slf4j-api:1.7.6 - http://www.slf4j.org)
-        * SLF4J LOG4J-12 Binding (org.slf4j:slf4j-log4j12:1.7.26 - http://www.slf4j.org)
+        * SLF4J Reload4j Binding (org.slf4j:slf4j-reload4j:1.7.36 - http://reload4j.qos.ch)

Review comment:
       slf4j.version was updated to 1.7.36 due to vulnerabilities, see my comment above.
   
   This was updated using the maven command provided to fix issues.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@storm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org