You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "helen huang (Jira)" <ji...@apache.org> on 2021/04/11 13:30:00 UTC
[jira] [Created] (HADOOP-17632) Please upgrade the log4j dependency
to log4j2
helen huang created HADOOP-17632:
------------------------------------
Summary: Please upgrade the log4j dependency to log4j2
Key: HADOOP-17632
URL: https://issues.apache.org/jira/browse/HADOOP-17632
Project: Hadoop Common
Issue Type: Improvement
Components: common
Affects Versions: 3.3.0
Reporter: helen huang
Fix For: 3.4.0, 3.3.0
The log4j dependency being use by hadoop-common is currently version 1.2.17. Our fortify scan picked up a couple of issues with this dependency. Please upgrade it to the latest version of log4j2 dependencies:
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.14.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.14.1</version>
</dependency>
The slf4j dependency will need to be updated as well after you upgrade log4j to log4j2.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org