You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@datafu.apache.org by "Eyal Allweil (Jira)" <ji...@apache.org> on 2022/10/12 08:22:00 UTC

[jira] [Resolved] (DATAFU-162) Upgrade Log4j version

     [ https://issues.apache.org/jira/browse/DATAFU-162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eyal Allweil resolved DATAFU-162.
---------------------------------
    Fix Version/s: 1.7.0
         Assignee: Eyal Allweil
       Resolution: Fixed

Merged

> Upgrade Log4j version
> ---------------------
>
>                 Key: DATAFU-162
>                 URL: https://issues.apache.org/jira/browse/DATAFU-162
>             Project: DataFu
>          Issue Type: Improvement
>            Reporter: Eyal Allweil
>            Assignee: Eyal Allweil
>            Priority: Major
>              Labels: up-for-grabs
>             Fix For: 1.7.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Although the [infamous Log4J vulnerability|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832] is not relevant for DataFu (we are dependent on log4j 1.x, which is not affected) it is still a pretty good idea to upgrade to a new version.
> The upgrade should keep our logs as similar as possible to the existing version, but this shouldn't necessitate a major version release since this isn't a breaking change.
>  
> We can start by fixing this for datafu-spark (we don't need to update the other projects since they might be deprecated soon)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)