You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@beam.apache.org by "Abacn (via GitHub)" <gi...@apache.org> on 2023/05/03 21:49:39 UTC

[GitHub] [beam] Abacn commented on issue #26403: Update vendored calcite to eliminate vulnerability from shaded log4j:1.2.17 and protobuf-java:3.19.2

Abacn commented on issue #26403:
URL: https://github.com/apache/beam/issues/26403#issuecomment-1533798942

   > Did you have a chance to perform audit of com.google.common ?
   
   Yes, done in #26463. The change will be available in Beam v2.48.0. Though I don't think this resolves the main issue of this Issue. Dot the log4j dependency, users should be able to overwrite the dependency to a newer version because it is not shaded in vendor-calcite-1.28.0. Will confirm.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org