You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/03/16 02:25:53 UTC

[GitHub] [dubbo] CrazyHZM commented on a change in pull request #9791: upgrade logging jars due to security issues

CrazyHZM commented on a change in pull request #9791:
URL: https://github.com/apache/dubbo/pull/9791#discussion_r827570752



##########
File path: dubbo-dependencies-bom/pom.xml
##########
@@ -136,10 +136,10 @@
         <!-- Log libs -->
         <slf4j_version>1.7.25</slf4j_version>
         <jcl_version>1.2</jcl_version>
-        <log4j_version>1.2.16</log4j_version>
-        <logback_version>1.2.2</logback_version>
+        <log4j_version>1.2.17</log4j_version>
+        <logback_version>1.2.11</logback_version>
         <!-- Fix the bug of log4j refer:https://github.com/apache/logging-log4j2/pull/608 -->
-        <log4j2_version>2.17.0</log4j2_version>

Review comment:
       Thank you for your contribution, there are still some areas that need to be upgraded, such as `dubbo-spring-boot` module , etc.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org