You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2021/07/01 19:54:59 UTC

[GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645

suztomo commented on pull request #15113:
URL: https://github.com/apache/beam/pull/15113#issuecomment-872509756


   > netty uses log4j and commons-logging and is a transitive dep of grpc.
   
   From your comment in https://issues.apache.org/jira/browse/BEAM-12422 
   
   Can you give me the Maven coordinates of the netty library you checked?
   
   I tried generating the dependency tree (https://gist.github.com/suztomo/5b906fa4850b4685081e870d45ae26b9) of `vendor/grpc-1_36_0` but I don't find them.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org