You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@beam.apache.org by "Kyle Weaver (Jira)" <ji...@apache.org> on 2021/12/16 23:54:00 UTC

[jira] [Commented] (BEAM-13481) Upgrade shadow plugin (log4j)

    [ https://issues.apache.org/jira/browse/BEAM-13481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461127#comment-17461127 ] 

Kyle Weaver commented on BEAM-13481:
------------------------------------

https://github.com/johnrengelman/shadow/issues/739

> Upgrade shadow plugin (log4j)
> -----------------------------
>
>                 Key: BEAM-13481
>                 URL: https://issues.apache.org/jira/browse/BEAM-13481
>             Project: Beam
>          Issue Type: Improvement
>          Components: build-system
>            Reporter: Kyle Weaver
>            Assignee: Kyle Weaver
>            Priority: P2
>
> Beam's current version of the shadow plugin (6.1.0) is dependent on a vulnerable version of log4j. The shadow plugin is run at compile time only, and is never bundled in any Beam applications, but the log4j dependency may still be problematic since some organizations may have blocked it.
> The shadow plugin has already made a new release, but it will require us to upgrade to Gradle 7 (BEAM-13430): https://github.com/johnrengelman/shadow/releases/tag/7.1.1



--
This message was sent by Atlassian Jira
(v8.20.1#820001)