You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "helen huang (Jira)" <ji...@apache.org> on 2021/04/11 13:30:00 UTC

[jira] [Created] (HADOOP-17632) Please upgrade the log4j dependency to log4j2

helen huang created HADOOP-17632:
------------------------------------

             Summary: Please upgrade the log4j dependency to log4j2
                 Key: HADOOP-17632
                 URL: https://issues.apache.org/jira/browse/HADOOP-17632
             Project: Hadoop Common
          Issue Type: Improvement
          Components: common
    Affects Versions: 3.3.0
            Reporter: helen huang
             Fix For: 3.4.0, 3.3.0


The log4j dependency being use by hadoop-common is currently version 1.2.17. Our fortify scan picked up a couple of issues with this dependency. Please upgrade it to the latest version of log4j2 dependencies:


<dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-api</artifactId>
 <version>2.14.1</version>
</dependency>

<dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-core</artifactId>
 <version>2.14.1</version>
</dependency>

 

The slf4j dependency will need to be updated as well after you upgrade log4j to log4j2.

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org