You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/04/18 08:30:33 UTC

[GitHub] [druid] FrankChen021 commented on issue #12425: Security: remove use log of log4j v1

FrankChen021 commented on issue #12425:
URL: https://github.com/apache/druid/issues/12425#issuecomment-1101216500

   The log4j v1 used by these two libs is introduced by #11794. And they're used for test profile only. So I think it does not cause any security problems. 
   
   I don't know if it's possible to remove it or upgrade it to log4j2. What do you think ? @cryptoe 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org